Frequently Asked Questions (FAQ)
What this document is: A collection of frequently asked questions about Clawscan.
Why this matters: Provides quick, clear answers to common concerns from legal, privacy, IT, and business stakeholders.
When to use this: Initial evaluation, internal discussions, vendor comparisons, procurement processes.
General
What is Clawscan?
Clawscan is a platform that helps organizations detect potential legal and compliance risks in internal communications.
It analyzes communication content to identify patterns that may indicate risks such as competition law issues, anti-corruption concerns, or other compliance-related signals.
See:
Does Clawscan monitor employees?
No.
Clawscan is not designed and cannot be used to monitor employees or evaluate individuals.
- it does not create employee profiles
- it does not assign individual risk scores
- it does not assess performance or behaviour
It focuses on communication-level risk detection, not people.
See:
Data & Privacy
Does GOlegal access our emails?
No.
Clawscan is designed so that email content remains within the client’s environment.
GOlegal does not access, receive, or process raw communication content.
See:
What data is transmitted outside our environment?
Only:
- derived scan results (e.g. classification, score)
- operational telemetry (e.g. system diagnostics)
No raw communication content is transmitted.
See:
Does Clawscan process personal data?
In principle, no personal data related to communication content is processed by GOlegal.
Personal data may only be processed in limited cases such as:
- setup
- support or maintenance
See:
Do we need a Data Processing Addendum (DPA)?
Only in limited situations.
A DPA is relevant only if GOlegal processes personal data, which typically occurs:
- during setup
- during support or maintenance
In standard operation, this is not required.
See:
Security
Where is data processed?
Data is processed within the client’s Microsoft 365 and Azure environment.
This is known as a tenant-resident architecture.
See:
How is data secured?
Clawscan implements technical and organisational measures (TOMs) such as:
- access control
- infrastructure isolation
- monitoring and diagnostics
- controlled data flows
See:
AI & Compliance
Does Clawscan make automated decisions?
No.
Clawscan provides risk signals only.
All decisions remain subject to human review.
See:
Does Clawscan profile individuals?
No.
The system:
- does not create behavioural profiles
- does not track individuals
- does not generate employee-level analytics
See:
Is Clawscan compliant with the EU AI Act?
Clawscan is designed as an assistive system, not a decision-making system.
It is positioned to avoid classification as a high-risk AI system under the EU AI Act, subject to proper use.
See:
Operations
How long is data retained?
Clawscan uses a period-based retention model:
- results are stored for a defined period
- then deleted after a fixed delay
Aggregated data may be retained longer.
See:
What visibility does GOlegal have?
GOlegal has access to:
- telemetry
- derived results
GOlegal does not have access to:
- raw communication content
Deployment
Can we control what is scanned?
Yes.
Organizations can define:
- scope of monitoring
- applicable domains
- exclusions (e.g. private communications)
Optionnally, organizations can further define the specific obligations they are targeting within a particular domain.
See:
Can Clawscan be deployed in our environment?
Yes.
Clawscan is designed to run within the client’s environment, ensuring full control over data and infrastructure.
See:
Still have questions?
For more detailed information, refer to: