All documentation
Documentation

Privacy, Security, and Data Protection

How Clariantix protects customer data, assessment evidence, and report content across the platform lifecycle.

7 min readPrivacy & Security

Data Encryption

All data is encrypted in transit using TLS and at rest using strong, industry-standard algorithms. Encryption keys are managed under documented controls.

Access Controls

Role-based access controls and least-privilege principles govern every customer workspace. Administrative access to customer data is restricted, logged, and reviewed.

Evidence Protection

Evidence files uploaded into Clariantix are scoped to the customer's organization, isolated by row-level security, and never used for model training.

Customer Confidentiality

Clariantix does not share customer assessment data, evidence, or reports outside the customer's organization without explicit, recorded consent.

Assessment Isolation

Each customer's assessment data, evidence, and reports are isolated from other tenants at the storage and application layer.

Report Storage

Reports are stored within the customer workspace and can be shared externally only via secure, expiring, password-protected links with download or view-only controls.

Retention Policy

Customer data is retained according to the customer's contract and configured retention policy. Deletion requests are honored end-to-end across primary and backup systems on documented timelines.

Platform Security Principles

Clariantix follows secure-by-default engineering principles, applies continuous monitoring, and aligns its security program with ISO 27001 and SOC 2 control families.

Apply this in your organization

Book an AI Trust Assessment™ to operationalize the Clariantix methodology and receive the full set of executive deliverables.

Related Frameworks

AIDA, EU AI Act, NIST AI RMF, ISO 42001, ISO 27001, SOC 2.

Related Publications

Executive guides on AI Trust, governance, and regulation.