Doclarity.ai — Terms and Conditions

Effective date: January 1, 2026
Last updated: February 15, 2026
 
 
 

These Terms and Conditions (“Terms”) govern access to and use of the Doclarity.ai platform (the “Service”). These Terms are entered into by and between Claribrix, a company incorporated in Morocco (“Claribrix”, “Doclarity”, “we”, “us”), and the entity accepting these Terms (“Customer”, “you”). If you accept on behalf of an entity, you represent you have authority to bind that entity.

Claribrix legal details :

  • Legal entity name: Claribrix Sarl
  • Registered address: Résidence Riad El Otor B, N·4, Bloc C, Avenue Annakhil, Hay Riad, Rabat
  • Registry / IDs: ICE : 003871549000033 | RC : 195369 |  TP : 25502886 | IF : 71812243
  • Legal notices email: legal@doclarity.ai
  • Support email: support@doclarity.ai
1. Introduction & Acceptance
1.1 The Service
The “Service” includes Doclarity’s web application and any related desktop/mobile applications (if any), APIs, and documentation made available by Claribrix for enterprise document ingestion, OCR, classification, semantic search, and AI-assisted analysis with citation-linked outputs.
1.2 Acceptance
By creating an account, clicking “I agree”, signing an Order Form, or otherwise accessing or using the Service, Customer agrees to be bound by these Terms.
1.3 Order Forms; precedence
Subscriptions may be purchased via an online checkout or a written order form, statement of work, or similar document referencing these Terms (“Order Form”). If there is a conflict, the following order controls: (1) Order Form, (2) these Terms, (3) Documentation.
1.4 Updates to Terms
Claribrix may update these Terms from time to time. Material changes apply upon the later of (a) posting to the Service or (b) notice to Customer (email or in-product). Continued use after the effective date constitutes acceptance.
 
2. Account Terms
2.1 Eligibility (B2B Only)
The Service is offered exclusively for business and institutional use (private companies, public entities, and NGOs). The Service is not intended for consumer/personal use. You represent that you are using the Service on behalf of an organization and have authority to bind it.
2.2 Registration; accuracy
Customer must provide accurate and complete account information and keep it up to date.
2.3 Account security
  • Customer is responsible for all activity under its accounts, including actions of its Users.
  • Customer must keep credentials confidential, enforce strong authentication practices, and promptly notify Claribrix of any unauthorized access or suspected compromise.
2.4 Users; administrators

Users” are individuals authorized by Customer to use the Service. Customer is responsible for Users’ compliance with these Terms and for configuring access controls, workspaces, and permissions.

3. Definitions
  • “Customer Content” means all data and materials submitted to the Service by or on behalf of Customer, including Input, prompts, configurations, and associated metadata.
  • “Input” means documents and other content uploaded or otherwise provided for processing (e.g., PDFs, scans, images, DOCX, text).
  • “Output” means AI-generated results produced by the Service from Customer Content (e.g., summaries, answers, citations, extracts, reports).
  • “Documentation” means user guides, policies, and technical documentation for the Service.
  • “Subscription Term” means the duration stated in an Order Form (or, if none, monthly).
  • “DPA” means the Data Processing Addendum in Appendix B.
4. Data Ownership & Intellectual Property 
4.1 Customer ownership of Input (100%)
Customer retains 100% ownership of its Input and all Customer Content. Claribrix acquires no ownership rights in Customer Content.
4.2 Limited license to operate the Service
Customer grants Claribrix a limited, non-exclusive license to host, copy, process, transmit, and display Customer Content solely as necessary to:
  • provide, secure, and maintain the Service,
  • perform OCR, indexing, classification, embeddings/vectorization, retrieval, and citation linking,
  • respond to Customer prompts and generate Output,
  • troubleshoot and ensure reliability and security (subject to Section 5).
4.3 Ownership of Output
As between the parties, Customer owns the Output to the extent permitted by applicable law, subject to:
  • any third-party rights embedded in Customer Content, and
  • Claribrix’s underlying platform rights (Section 4.4).
  • To the extent Claribrix has any rights in Output necessary for Customer’s business use, Claribrix assigns those rights to Customer.
4.4 Claribrix platform IP
Claribrix retains all rights in and to the Service and its underlying technology, including software, architecture, algorithms, orchestration, retrieval pipelines, agent frameworks, taxonomies, UI/UX, system prompts and workflows, Documentation, and improvements (“Claribrix IP”), excluding Customer Content.
4.5 Feedback

If Customer provides feedback, Customer grants Claribrix a non-exclusive, perpetual, irrevocable, royalty-free right to use and incorporate feedback into the Service without obligation.

5. No-Training Guarantee
5.1 No training on Customer Content
Claribrix will never use Customer Content (including Input, Output, prompts, or workspace materials) to train or fine-tune any foundation model, or to train Claribrix proprietary models/algorithms, in any manner that would cause Customer Content to be learned, memorized, or reproduced outside Customer’s tenancy.
5.2 No cross-customer learning
Claribrix will not use one customer’s Customer Content to improve another customer’s results.
5.3 Permitted operational telemetry

Claribrix may use aggregated and/or de-identified operational telemetry (e.g., uptime, latency, error counts, feature usage counts) to improve reliability, performance, and security, provided it does not contain Customer Content.

6. Use Restrictions & Acceptable Use
Customer and Users must not (and must not attempt to):
6.1 Reverse engineering / security circumvention
  • reverse engineer, decompile, disassemble, or attempt to derive source code or underlying components (except where prohibited by law),
  • circumvent security or access controls, rate limits, tenancy isolation, or monitoring,
  • probe/scan the Service for vulnerabilities without written authorization.
6.2 Scraping / harvesting / competitive use
  • scrape, crawl, or use automated means to extract data from the Service (except via documented APIs expressly permitted),
  • use the Service to build competing products, publish competitive benchmark reports without consent, or train external models on content obtained from the Service.
6.3 Illegal, harmful, or deceptive content
  • violate applicable laws or third-party rights (privacy, IP, confidentiality, trade secrets),
  • generate or disseminate deception-oriented content including impersonation, misinformation, or deepfakes intended to mislead,
  • create malware, phishing, or social engineering content.
6.4 Customer compliance responsibilities
Customer is responsible for:
  • ensuring it has all necessary rights and lawful basis to upload and process Input,
  • applying internal governance for who can upload sensitive content and who can export Output,
  • implementing human review for critical use cases (see Section 9).

Claribrix may suspend or terminate access for violations (Section 12).

7. Subscription, Fees, Billing & Refunds
7.1 Plans and billing
The Service is provided on a subscription basis (monthly or annual) as stated in the Order Form and/or the pricing page.
7.2 Fees and taxes
Fees are due in advance unless stated otherwise. Fees exclude applicable taxes (including VAT or similar), which Customer is responsible for, except taxes on Claribrix income.
7.3 Renewal
Unless canceled before renewal in accordance with the Service interface or the Order Form:
  • monthly plans renew monthly,
  • annual plans renew annually.
7.4 Late payment and suspension
Claribrix may suspend access for overdue amounts after notice and a reasonable cure period, except where prohibited by applicable law or modified by an Order Form.
7.5 Refund policy
Unless required by law or expressly stated in an Order Form:
  • fees are non-refundable once billed,
  • trials (if offered) are provided “as is” and may be withdrawn at any time.
7.6 Changes to fees

Claribrix may update pricing for renewals with prior notice (e.g., 30 days). Pricing changes do not apply to the current Subscription Term.

8. Sovereign Data, Hosting & Privacy
8.1 Privacy Policy and Cookie Policy
Claribrix’s Privacy Policy and (if applicable) Cookie Policy explain how personal data is handled and are incorporated by reference. If the DPA applies, it prevails for processing terms.
8.2 EU/EEA hosting for Customer Content
Customer Content is hosted and processed on infrastructure located in the EU/EEA, as described in the Documentation and/or Order Form.
8.3 No third-party subprocessors in the core app
For the core Service and processing pipeline, Claribrix does not engage third-party subprocessors with access to Customer Content. (See DPA, Appendix B.)
8.4 Marketing website analytics (Google Analytics)
Claribrix’s public marketing website uses Google Analytics for website usage measurement. This is separate from the Service and governed by the Privacy/Cookie Policy and consent mechanisms where required.
8.5 Security measures
Claribrix implements administrative, technical, and organizational measures designed to protect Customer Content. More detail is available in the DPA and/or a security annex.
8.6 Disclosure
Claribrix will not disclose Customer Content to third parties except:
  • as directed by Customer,
  • as required by law (with notice where legally permitted),
  • to investigate or prevent security incidents or misuse consistent with these Terms.
8.7 Morocco (Law 09-08 / CNDP) compatibility

Where Customer Content contains personal data and Moroccan data protection law applies, the parties will comply with applicable requirements of Law 09-08 and CNDP guidance, including contractual safeguards via the DPA.

9. Warranties & Disclaimers
9.1 Performance warranty
Claribrix warrants it will provide the Service in a professional and workmanlike manner and materially in accordance with Documentation during the Subscription Term.
9.2 AI outputs; verification required
The Service is designed to generate citation-linked answers to reduce hallucinations by grounding Output in Customer Content. However, Output may be incomplete or inaccurate due to, for example, OCR errors, ambiguous sources, missing documents, retrieval limitations, or user prompts. Customer is responsible for human review and verification of Output before relying on it for critical decisions (legal, compliance, audit, safety, or financial reporting).
9.3 “As-is” / “As-available” disclaimer
Except as expressly stated, the Service is provided “AS IS” and “AS AVAILABLE.” To the maximum extent permitted by law, Claribrix disclaims implied warranties including merchantability, fitness for a particular purpose, and non-infringement.
9.4 No professional advice

The Service does not provide legal, tax, accounting, or other regulated professional advice. Output is informational and depends on Customer Content and usage.

10. Limitation of Liability & Indemnification
10.1 Exclusion of indirect damages
To the maximum extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for loss of profits, revenue, goodwill, or data, arising out of or related to these Terms.
10.2 Liability cap
Except for Excluded Claims (Section 10.3), each party’s total aggregate liability arising out of or related to these Terms will not exceed the total fees paid or payable by Customer for the Service in the 12 months preceding the event giving rise to the claim.
10.3 Excluded claims
The liability cap does not apply to:
  • Customer payment obligations,
  • either party’s fraud or willful misconduct (and, to the extent not limitable under applicable law, gross negligence),
  • Customer’s breach of Section 6 (Use Restrictions),
  • Customer’s infringement/misappropriation of Claribrix IP,
  • breaches of confidentiality (Section 11),
  • violations of data protection obligations to the extent liability cannot be limited under applicable law.
10.4 Customer indemnity
Customer will defend, indemnify, and hold harmless Claribrix and its affiliates from third-party claims arising from:
  • Customer Content (including allegations that Input infringes IP, violates confidentiality, or violates privacy rights),
  • Customer’s or Users’ misuse of the Service or violation of Section 6,
  • Customer’s products/services, decisions, or actions taken based on Output.
10.5 Claribrix IP indemnity (enterprise standard)
Claribrix will defend Customer against third-party claims that the Service (excluding Customer Content) infringes a third party’s IP rights, and will indemnify Customer for covered damages/settlements, provided Customer:
  • promptly notifies Claribrix,
  • allows Claribrix sole control of the defense/settlement, and
  • reasonably cooperates.

Exclusions: claims arising from Customer Content, unauthorized modifications, combination with non-Claribrix products, or use not in accordance with Documentation.

11. Confidentiality
11.1 Confidential Information
“Confidential Information” means non-public information disclosed by a party that is marked confidential or reasonably should be understood as confidential, including Customer Content and security materials.
11.2 Obligations
Each party will:
  • use Confidential Information only to perform or receive under these Terms,
  • protect it using reasonable measures (at least as protective as it uses for its own similar information),
  • disclose only to personnel/contractors with a need to know and bound by confidentiality.
11.3 Exclusions
Confidential Information does not include information that is publicly available without breach, independently developed, or rightfully received from a third party without duty of confidentiality.
11.4 Compelled disclosure

A party may disclose Confidential Information if required by law, provided it gives notice (where legally permitted) and cooperates to limit disclosure.

12. Termination, Suspension & Data Handling
12.1 Term
These Terms remain in effect until the Subscription Term expires or is terminated.
12.2 Termination for convenience
Customer may cancel per the Service interface or Order Form. For paid terms, cancellation takes effect at the end of the current Subscription Term unless the Order Form provides otherwise.
12.3 Termination for cause
Either party may terminate if the other materially breaches and fails to cure within 30 days of written notice (or shorter if breach is incurable or relates to Section 6).
12.4 Suspension
Claribrix may suspend access immediately if:
  • required by law,
  • Customer use poses a security risk to the Service or other customers,
  • Customer is in material breach of Section 6,
  • payment is overdue beyond any applicable cure period.
12.5 Effect of termination; export and deletion
  • Upon termination, Customer’s right to use the Service ends.
  • Claribrix will make Customer Content available for export for 45 days after termination (unless prohibited by law or for security reasons).
  • After the export window, Claribrix will delete Customer Content from production systems within a reasonable period, subject to lawful retention, backups, and minimal security/audit logs. Backups are overwritten on a rolling schedule.
13. Data Protection (GDPR & Morocco Law 09-08 / CNDP)

If Customer Content contains personal data, the DPA in Appendix B applies and is incorporated into these Terms.

14. Governing Law & Jurisdiction
14.1 Governing law
These Terms are governed by the laws of the Kingdom of Morocco, without regard to conflict of laws principles.
14.2 Jurisdiction

Any dispute arising out of or relating to these Terms will be subject to the exclusive jurisdiction of the competent courts of Casablanca, unless the Order Form specifies arbitration or another dispute resolution mechanism.

15. Miscellaneous
15.1 Assignment
Neither party may assign these Terms without the other’s prior written consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets.
15.2 Force majeure
Neither party is liable for delays or failures due to events beyond reasonable control, provided it uses reasonable efforts to mitigate.
15.3 Severability
If any provision is unenforceable, the remainder remains in effect.
15.4 Entire agreement
These Terms (and any Order Form/DPA) are the entire agreement regarding the Service and supersede prior discussions.
15.5 Notices
Notices must be sent to:
  • Claribrix: [LEGAL NOTICE EMAIL + REGISTERED ADDRESS]
  • Customer: the email/address in the account or Order Form.
Appendix B — Data Processing Addendum (DPA)
(Morocco Law 09-08 / CNDP + GDPR Article 28 aligned)
This DPA forms part of the Terms and applies only to the extent Claribrix processes personal data on behalf of Customer in connection with the Service.
B1. Definitions (DPA-Specific)
  • “Applicable Data Protection Laws” means, as applicable:
  • (i) EU GDPR (Regulation (EU) 2016/679) and any implementing laws; and/or
  • (ii) Morocco Law 09-08 and CNDP guidance/decisions. (EUR-Lex)
  • “Personal Data” has the meaning given under Applicable Data Protection Laws.
  • “Controller”, “Processor”, “Processing” have the meanings given under Applicable Data Protection Laws.
  • “Security Incident” means a confirmed breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
B2. Scope, Subject Matter, Duration
  1. Subject matter: Claribrix processes Personal Data only to provide the Service (document ingestion, OCR, indexing, retrieval, and generation of citation-linked outputs) as initiated and controlled by Customer.
  2. Duration: Processing continues for the Subscription Term and until deletion/return under B10.
  3. Nature and purpose: Hosting, storage, retrieval, transformation (OCR/classification), and generation of outputs strictly based on Customer instructions via the Service.
  4. Categories: As described in Annex 1 (to be completed by Customer or agreed in the Order Form).
B3. Roles & Instructions
  1. Roles: Customer is the Controller and Claribrix is the Processor for any Personal Data within Customer Content. (GDPR)
  2. Documented instructions: Claribrix processes Personal Data only on Customer’s documented instructions, which include Customer’s use/configuration of the Service and any written instructions in an Order Form.
  3. Unlawful instructions: If Claribrix reasonably believes an instruction violates Applicable Data Protection Laws, Claribrix will notify Customer (unless legally prohibited) and may suspend that instruction or the impacted processing.
B4. Claribrix Personnel Confidentiality
Claribrix ensures persons authorized to process Personal Data are bound by confidentiality obligations (contractual or statutory) and receive appropriate privacy/security awareness.
B5. Security Measures
  1. Claribrix implements appropriate technical and organizational measures designed to protect Personal Data against Security Incidents (see Annex 2).
  2. Claribrix may update its security measures to maintain or improve overall security, provided updates do not materially reduce protection.
B6. Subprocessors
  1. Core Service: Claribrix does not appoint subprocessors that process Customer Content or have access to Personal Data within the Service.
  2. If Claribrix ever needs to add a subprocessor for the core Service, Claribrix will:
    • provide prior notice and an opportunity for Customer to object on reasonable grounds, and
    • ensure the subprocessor is bound by data protection obligations no less protective than this DPA. (GDPR)

Note: Google Analytics is used on the marketing website only, not for processing Customer Content in the Service.

B7. Assistance to Customer (Rights, DPIA, Compliance)
Taking into account the nature of processing and information available to Claribrix, Claribrix will provide reasonable assistance to Customer for:
  • responding to data subject requests (access, deletion, etc.) where applicable,
  • supporting DPIAs / risk assessments where required,
  • demonstrating compliance with Processor obligations (including providing relevant security information). (GDPR)
B8. Security Incident (Breach) Response
  1. Notification: Claribrix will notify Customer without undue delay after becoming aware of a Security Incident involving Personal Data processed under this DPA.
  2. Content: Notification will include, where available, the nature of the incident, likely consequences, and measures taken/proposed to address it.
  3. No admission: Notification is not an admission of fault.
  4. Customer reporting: Customer is responsible for any regulatory notifications (CNDP and/or EU supervisory authorities) and data subject notices, unless otherwise agreed.
B9. Audits & Compliance Verification
  1. Evidence: Upon request, Claribrix will provide reasonable information necessary to demonstrate compliance with this DPA (e.g., security overview, policy summaries). (GDPR)
  2. Audits: Customer may conduct an audit once per year (or more if required by a regulator) with at least 30 days written notice, during normal business hours, and subject to:
    • confidentiality obligations,
    • reasonable scope limitations to protect other customers’ data and security,
    • no access to Claribrix source code, model weights, or unrelated systems.
  3. Third-party auditor: Audits may be performed by an independent auditor bound by confidentiality.
B10. Return / Deletion of Personal Data
  1. Upon termination of the Service, Claribrix will make Customer Content available for export for 45 days.
  2. After the export window, Claribrix will delete Personal Data from production systems within a reasonable period, subject to lawful retention and rolling backups.
  3. Backups are overwritten on a rolling schedule; access is restricted and used only for disaster recovery.
B11. Data Location & Transfers
B11.1 EU/EEA hosting
Customer Content is hosted and processed in the EU/EEA as part of the Service.
B11.2 GDPR international transfers (if applicable)
If GDPR applies and Personal Data is transferred from the EU/EEA to a country without an adequacy decision (including remote access from Morocco by Claribrix personnel), the parties agree that such transfers will be governed by the EU Standard Contractual Clauses adopted by the European Commission, Commission Implementing Decision (EU) 2021/914, incorporated by reference, Module Two (Controller → Processor), with the Annexes completed as set out in Annex 3 of this DPA. (EUR-Lex)
Claribrix will implement reasonable supplementary measures where necessary to protect transferred data (e.g., strong access controls, encryption in transit, least privilege).
B11.3 Morocco Law 09-08 / CNDP transfer formalities (Customer responsibility)
Where Morocco Law 09-08 applies and Customer’s use of the Service involves a transfer of Personal Data abroad (including hosting in the EU/EEA), Customer is responsible for completing any required CNDP formalities (declaration/authorization and, where applicable, transfer filings). Claribrix will provide reasonable assistance by supplying hosting location and security information relevant to Customer’s CNDP file. (CNDP)
B12. Customer Obligations
Customer represents and warrants that:
  • it has a lawful basis and necessary rights to provide Customer Content (including Personal Data) to Claribrix for processing,
  • it will not provide Personal Data beyond what is necessary for its legitimate business purposes,
  • it will configure access controls to prevent unauthorized access and exports,
  • it will handle Output and exports in compliance with Applicable Data Protection Laws.
B13. Order of Precedence

If there is a conflict between this DPA and the Terms, this DPA controls for privacy/data protection matters. If SCCs apply, SCCs control for transfer-related obligations.

Annex 1 — Description of Processing (Art. 28 style)
A. Subject matter: Processing of Customer Content to provide the Service.
B. Duration: Subscription Term + deletion/export period.
C. Nature of processing: collection (upload), storage, OCR, indexing, classification, retrieval, summarization/answer generation, citation linking, export.
D. Purpose: Provide document intelligence capabilities to Customer.
E. Categories of Personal Data (examples): Identifiers, professional information, correspondence, contract content, compliance/audit records, as uploaded by Customer.
F. Categories of Data Subjects (examples): Customer employees, contractors, customers/clients, suppliers, citizens/beneficiaries (for public/NGO), as applicable.
(Customer may narrow the categories in the Order Form.)
 
Annex 2 — Technical & Organizational Measures (TOMs) (Summary)
Claribrix maintains measures appropriate to risk, such as:
  • Access control: role-based access, least privilege, strong authentication, administrative access restrictions.
  • Isolation: tenant/workspace separation and permissions.
  • Encryption: encryption in transit (TLS); encryption at rest where implemented on storage layers.
  • Logging & monitoring: security logging, anomaly monitoring, incident response procedures.
  • Backups & recovery: rolling backups, restricted access to backup systems, disaster recovery procedures.
  • Secure SDLC: change management, dependency management, vulnerability remediation practices.
  • Physical security: EU/EEA hosting physical security controls (as applicable to infrastructure).
  • Confidentiality: personnel confidentiality commitments and access governance.
(You can expand this Annex with your actual controls/policies if procurement asks.)
 
 
Annex 3 — SCC Configuration (only if GDPR transfers apply)
  1. The SCCs adopted under Commission Implementing Decision (EU) 2021/914 are incorporated by reference. (EUR-Lex)
  2. Module selected: Module Two (Controller → Processor).
  3. Parties:
    • Data exporter: Customer (Controller)
    • Data importer: Claribrix (Processor)
  4. Annexes:
    • Annex I.A/B/C: populated using Annex 1 of this DPA and the Order Form
    • Annex II: populated using Annex 2 of this DPA
    • Annex III (subprocessors): None for core Service
  5. Competent supervisory authority: determined under GDPR based on the data exporter’s establishment (or as per SCC rules).
Annex 4 — Subprocessors
Core Service subprocessors: None
Marketing website: Google Analytics (separate from Service; not a Service subprocessor for Customer Content)