Privacy, Security, and Data Protection
How Clariantix protects customer data, assessment evidence, and report content across the platform lifecycle.
Data Encryption
All data is encrypted in transit using TLS and at rest using strong, industry-standard algorithms. Encryption keys are managed under documented controls.
Access Controls
Role-based access controls and least-privilege principles govern every customer workspace. Administrative access to customer data is restricted, logged, and reviewed.
Evidence Protection
Evidence files uploaded into Clariantix are scoped to the customer's organization, isolated by row-level security, and never used for model training.
Customer Confidentiality
Clariantix does not share customer assessment data, evidence, or reports outside the customer's organization without explicit, recorded consent.
Assessment Isolation
Each customer's assessment data, evidence, and reports are isolated from other tenants at the storage and application layer.
Report Storage
Reports are stored within the customer workspace and can be shared externally only via secure, expiring, password-protected links with download or view-only controls.
Retention Policy
Customer data is retained according to the customer's contract and configured retention policy. Deletion requests are honored end-to-end across primary and backup systems on documented timelines.
Platform Security Principles
Clariantix follows secure-by-default engineering principles, applies continuous monitoring, and aligns its security program with ISO 27001 and SOC 2 control families.
