Security

Security & Compliance

Enterprise-grade security protecting your data and operations

At CLAIRE, security is not an afterthought—it’s foundational to everything we build. We understand that you’re entrusting us with sensitive business data, customer information, and mission-critical operations. This page details the comprehensive measures we take to protect your information and maintain your trust.

SOC 2 Type II

In Progress – Expected Q2 2026

GDPR Compliant

Fully Compliant

ISO 27001

Certification In Progress

HIPAA Ready

Available for Enterprise

Data Encryption & Protection

🔐 Data in Transit

  • TLS 1.3 encryption for all connections
  • Perfect Forward Secrecy (PFS)
  • HTTPS enforcement site-wide
  • Certificate pinning for API clients

💾 Data at Rest

  • AES-256 encryption for all stored data
  • Encrypted database backups
  • Separate encryption keys per tenant
  • Hardware Security Modules (HSM) for key management

🔑 Key Management

  • AWS KMS for encryption key storage
  • Automated key rotation (90 days)
  • Multi-party authorization for key access
  • Audit logging for all key operations

Infrastructure Security

Cloud Architecture

CLAIRE is hosted on enterprise-grade cloud infrastructure with multiple layers of protection:

  • Multi-Region Redundancy: Data replicated across geographically distributed data centers
  • Private Network Isolation: Services run in isolated Virtual Private Clouds (VPCs)
  • DDoS Protection: CloudFlare Enterprise with automatic traffic filtering
  • Web Application Firewall (WAF): Real-time protection against OWASP Top 10 threats
  • Intrusion Detection: 24/7 monitoring with automated threat response

Network Security

🛡️ Perimeter Defense

  • Stateful firewall rules
  • IP whitelisting for admin access
  • VPN requirements for infrastructure access
  • Rate limiting and throttling

🔍 Monitoring & Detection

  • Real-time security event monitoring
  • Anomaly detection algorithms
  • Automated alert escalation
  • Security Information & Event Management (SIEM)

🚨 Incident Response

  • 24/7 security operations center
  • Documented incident response plan
  • < 15 minute initial response time
  • Post-incident analysis and remediation

Application Security

Secure Development Lifecycle

  • Code Reviews: Mandatory peer review for all code changes
  • Static Analysis: Automated scanning for vulnerabilities (SAST)
  • Dynamic Testing: Runtime security testing (DAST) in staging environments
  • Dependency Scanning: Continuous monitoring of third-party libraries
  • Penetration Testing: Annual third-party security assessments

Authentication & Authorization

👤 User Authentication

  • Multi-Factor Authentication (MFA) available
  • MFA mandatory for Enterprise plans
  • Password complexity requirements
  • Bcrypt hashing with unique salts
  • Session timeout after inactivity

🎯 Access Control

  • Role-Based Access Control (RBAC)
  • Principle of least privilege
  • Granular permissions per feature
  • Team member access management
  • API key rotation and revocation

📋 Audit Logging

  • Complete audit trail of all actions
  • Immutable log storage
  • 7-year retention for compliance
  • Real-time log analysis
  • Exportable audit reports

Data Privacy & Compliance

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR):

  • Data Subject Rights: Full support for access, rectification, erasure, portability, and objection
  • Lawful Basis: Clear legal basis for all data processing activities
  • Data Minimization: We collect only necessary information
  • Purpose Limitation: Data used only for stated purposes
  • Storage Limitation: Automatic deletion after retention period
  • Data Processing Agreements: GDPR-compliant DPAs with all sub-processors
  • Data Protection Officer: Designated DPO available at dpo@claire.trade
  • Breach Notification: 72-hour notification to authorities as required

Data Residency & Sovereignty

Enterprise customers can choose data storage locations:

  • 🇪🇺 European Union (Frankfurt, Ireland)
  • 🇬🇧 United Kingdom (London)
  • 🇺🇸 United States (Virginia, Oregon)
  • 🏢 On-Premises deployment (Enterprise only)

All data transfers comply with GDPR Article 46 using Standard Contractual Clauses (SCCs).

Industry-Specific Compliance

  • HIPAA (Healthcare): Business Associate Agreements (BAA) available for Enterprise customers
  • PCI DSS (Payments): We never store payment card data—processed by PCI-compliant providers (Stripe)
  • SOC 2 Type II: Currently undergoing audit, expected certification Q2 2026
  • ISO 27001: Information security management system certification in progress

Business Continuity & Disaster Recovery

Backup & Recovery

  • Automated Backups: Continuous backup of all production data
  • Geographic Redundancy: Backups stored in multiple regions
  • Point-in-Time Recovery: Restore to any point within 30 days
  • Backup Testing: Quarterly disaster recovery drills
  • Recovery Time Objective (RTO): < 4 hours for critical services
  • Recovery Point Objective (RPO): < 15 minutes of data loss

High Availability

  • Uptime SLA: 99.9% availability guarantee for paid plans
  • Load Balancing: Traffic distributed across multiple servers
  • Auto-Scaling: Automatic capacity adjustment based on demand
  • Failover Systems: Automatic failover to backup infrastructure
  • Zero-Downtime Deployments: Updates with no service interruption

Employee Security

Access Controls

  • Background Checks: All employees undergo security screening
  • Least Privilege: Access granted only as needed for job function
  • Access Reviews: Quarterly review of employee permissions
  • Offboarding: Immediate access revocation upon termination

Training & Awareness

  • Security Training: Mandatory security awareness training for all employees
  • Phishing Tests: Regular simulated phishing exercises
  • Secure Coding: Developer training on OWASP Top 10 and secure practices
  • Incident Drills: Tabletop exercises and response simulations

Third-Party Security

Vendor Management

All third-party service providers are rigorously evaluated:

  • Due Diligence: Security assessments before onboarding
  • Contracts: Data processing agreements with all vendors
  • Monitoring: Ongoing review of vendor security posture
  • Limited Access: Vendors access only necessary data

Key Technology Partners

  • AWS (Cloud Infrastructure): SOC 2, ISO 27001, PCI DSS certified
  • Stripe (Payments): PCI DSS Level 1 certified
  • Cloudflare (CDN/Security): ISO 27001, SOC 2 Type II certified

Vulnerability Management

  • Vulnerability Scanning: Weekly automated scans of all infrastructure
  • Patch Management: Critical patches applied within 48 hours
  • Bug Bounty Program: Responsible disclosure program (coming Q1 2026)
  • Security Updates: Transparent communication about security issues

Customer Security Controls

What You Can Control

  • Multi-Factor Authentication: Enable MFA for your account
  • IP Whitelisting: Restrict access to specific IP ranges (Enterprise)
  • Session Management: Force logout across all devices
  • Activity Monitoring: Review audit logs of account activity
  • Team Permissions: Granular control over team member access
  • API Keys: Generate, rotate, and revoke API credentials

Security Inquiries & Reporting

We take security seriously. If you have questions or need to report a security concern:

Security Team: security@claire.trade

Responsible Disclosure: security@claire.trade

Response time: < 24 hours for critical vulnerabilities

Enterprise Security Add-Ons

Additional security features available for Enterprise customers:

  • Dedicated Security Account Manager
  • Custom security assessments and penetration testing
  • Private cloud or on-premises deployment
  • Advanced threat intelligence integration
  • Custom data retention policies
  • Dedicated support for compliance requirements (HIPAA, SOC 2, ISO)

Contact our security team to discuss your specific requirements.

Last Updated: October 20, 2025
Contact: Essential AI Solutions LTD, 86-90 Paul Street, London, EC2A 4NE, United Kingdom

Ready to Get Started?

Join the waitlist and be among the first to experience autonomous B2B commerce.

Join Waitlist Now