Feature availability: This article discusses Customer Commitments, which requires an add-on purchase. Refer to Vanta Plans and Pricing for details.
Customer Commitments centralizes and tracks the security, compliance, and privacy obligations defined in your customer contracts. These commitments include requirements like security incident notification SLAs, data deletion and return timelines, sub-processor change notices, and audit rights. Instead of manually reviewing contracts or managing obligations in spreadsheets, you can maintain a single, always-current source of truth in Vanta.
Vanta’s AI Agent reads your uploaded contracts, extracts relevant commitments, and organizes them into a structured, searchable inventory. This makes it easy to understand what you’ve promised, compare requirements across customers, and quickly answer questions, such as which customers require 24-hour incident notification, who needs a certificate of deletion after data deletion, or which agreements permit onsite audits.
Getting started with Customer Commitments
Enable Vanta AI: Customer Commitments requires Vanta AI to be enabled in your account settings.
Import your contracts: Upload contracts manually or sync them from a supported integration to start building a complete inventory of your commitments.
Review pending commitments: Once Vanta AI has processed your imported contracts, review commitments to accept the commitments you want to track and ignore suggestions that aren’t relevant to keep your inventory accurate.
Manage your commitments: Understand the different commitment types, and how to view, edit, and act on commitments.
Configure user permissions: Ensure the right stakeholders have access to view and manage commitments.
We’d love your feedback. Customer Commitments is actively evolving—share your feedback to help shape what comes next.
Importing your contracts
To begin tracking commitments, you’ll need to bring your customer contracts into Vanta. You can upload contracts manually or sync them from a supported contract lifecycle management (CLM) system.
Contracts must be stored in Vanta so extracted commitments can be linked to their source clauses. This allows you to review citations, verify accuracy, and confirm where each obligation originates in the contract. Commitments are only added to your tracked inventory after you review and approve them.
Uploading PDF contracts
Uploading PDF contracts
You can upload individual contract files or upload multiple contracts at a time in bulk.
To upload contracts to Vanta:
From the Commitments page, go to the Contracts tab.
Click Import contacts.
Click Upload or drag and drop your files.
You can upload up to 10 contracts at a time.
Each file must be 50MB or less.
Only .pdf files are supported.
Click Upload to begin processing.
Once uploaded, Vanta AI will begin extracting contract details and identifying commitments. You can continue working in Vanta while processing completes.
Uploading large contracts (175+ pages)
Uploading large contracts (175+ pages)
Contracts greater than 175 pages are processed using an older AI model, which may result in reduced extraction quality.
To improve results, consider breaking large contracts into multiple smaller documents before uploading. Use natural break points, such as separating standalone addendums or exhibits into their own files.
Keep in mind:
There is no limit to the number of contracts that can be associated with a customer account.
Vanta AI does not cross-reference separate uploaded documents. If you split a large contract into multiple files, the AI will not connect definitions or references between them. For example, if Document B references a definition in Document A, the AI will not automatically link those sections.
Syncing contracts from Ironclad
Syncing contracts from Ironclad
You can connect to Ironclad to automatically sync contracts into Vanta. Once connected, finalized contracts are pulled into Vanta on an ongoing basis, including new and updated agreements.
Before you connect:
Ensure you have the appropriate permissions in Ironclad to authorize the integration and sync contracts.
Only finalized contracts are synced. Contracts in draft status are not pulled into Vanta.
To connect to Ironclad:
From the Commitments page, go to the Contracts tab.
Next to the Import contracts button, click the gear icon to view commitment settings.
Follow the prompts to connect and sync contracts from Ironclad—you must check the box to grant Vanta permissions to sync contracts for commitment management.
After the integration is set up, contracts will begin syncing automatically. Once processed by Vanta AI, extracted commitments will be available for review and tracking.
Supported CLMs
Supported CLMs
Customer Commitments currently supports syncing finalized contracts from Ironclad. Support for additional integrations is on the roadmap, including Salesforce, SharePoint, and Google Drive.
Reviewing pending commitments
After you upload or sync a contract, Vanta AI automatically scans the document and extracts security, compliance, and privacy-related commitments—you must review them before they’re added to your inventory.
Because AI-generated results may require verification, you should confirm each commitment accurately reflects your contractual obligations. During review, you can accept commitments you want to track, ignore the ones that aren’t relevant, and manually add commitments if needed.
Finding contracts that require review
Finding contracts that require review
To find contracts that require review:
From the Commitments page, go to the Contracts tab.
In the contracts table, review the Pending commitments column to see how many commitments require review for each contract.
Click a row in the table to open the contract.
Filter commitments within a contract by status:
Pending review: Commitments extracted by AI that require your verification.
Approved: Commitments that have been accepted and are actively tracked.
Ignored: Commitments that were reviewed but excluded from tracking.
Taking action on pending commitments
Taking action on pending commitments
Commitments begin as Pending review so you can review each extracted commitment and decide whether it should be tracked. Because AI-generated results may require verification, confirm each commitment carefully before approving it.
When reviewing commitments within a contract:
Click Approve to accept the commitment and add it to your inventory.
Click Ignore to exclude the commitment from your inventory—you can undo this action.
Click the ✎ pencil icon to edit the commitment.
Click Locate to view the cited clause in the contract and verify that the extracted information accurately reflects the source language.
Take note of any uncategorized commitments—you’ll want to add them to a commitment type.
Adding a commitment manually
Adding a commitment manually
You can add a commitment manually if needed:
Within a contract, highlight the text within the contract so a citation can be linked to the commitment, and click + Add commitment.
You’ll need to add a commitment type and enter a summary.
Managing your commitments
On the Commitments page, commitments are grouped by type—click on any commitment type to open the commitment details page.
Each commitment type uses one of the following formats, which determines the fields available when viewing or editing commitments:
Format | Description | Commitment types |
Structured | Uses a defined schema with fields tailored to the commitment type that allow for filtering on the commitment details page. You can view definitions above the table to understand the purpose of each field. |
|
Unstructured
| Uses a general schema with basic fields: Account, Contract, and Summary. |
|
Custom | Uses a general schema with basic fields: Account, Contract, and Summary. |
|
More structured commitment types are on the way. As new types become available, your existing commitments will be automatically extracted into the new schema, and you'll be notified of the update.
Viewing commitments
Viewing commitments
The Commitments page contains two tabs: Commitments and Contracts.
Commitments tab
Each card represents a commitment type.
View commitments to see all the accounts with that commitment type displayed in a table.
Open a commitment to review the fields, values, and citations from the source contract.
Contracts tab
View all uploaded or synced contracts.
See the number of pending and tracked commitments for each contract.
Open a contract to review its associated commitments.
Editing commitments
Editing commitments
To edit a commitment:
From the Commitments tab: Click View commitments to open the commitment details page, open the commitment you’d like to edit, and click the ✎ pencil icon to edit the commitment.
From the Contracts tab: Open a contract, locate the commitment you’d like to edit, and click the ✎ pencil icon to edit the commitment.
Keep in mind:
When you change a field value, it will be marked as user-modified so you can distinguish it from AI-extracted values.
The commitment format and type determine the fields available for a given commitment. If you change the commitment type, the fields available will update.
You can’t delete commitments. At this time, you can only ignore them.
An em dash (—) in a table row means Vanta AI determined that a value wasn’t specified in the contract. Review the commitment to confirm accuracy or update the value if needed.
Configuring user permissions
Customer Commitments follows Vanta’s user role-based access model. User permissions determine who can view contracts, review commitments, and make changes.
This design ensures that sensitive contract content is limited to Admin users, while still allowing Editors and Trust Admins to work with the extracted commitments.
Role | Permissions |
Editors and Trust Admins | Editors and Trust Admins can view and manage commitments, but they cannot view the underlying source contract documents.
Editors and Trust Admins can:
|
Admins | Admins have full access to all Customer Commitments features.
Only Admins can:
|
For example, when viewing commitments within a contract, Editors and Trust Admins can see the citation within a commitment—but only Admins can view the citation within the underlying contract:
