Our Commitment to Data Security and Privacy

At Claras, we prioritise the security and privacy of your client data and practice information. Our commitment to robust cybersecurity practices ensures a secure and reliable platform that supports your practice and licensee standards. This document outlines our comprehensive security measures and data privacy protocols.

Cybersecurity Practices

Infrastructure Security

- Cloud Infrastructure: We leverage industry-leading cloud services, benefiting from their world-class security measures.
- Network Security: Our systems are protected by enterprise-grade firewalls and intrusion detection systems to prevent unauthorised access.
- Multi-Factor Authentication (MFA): Mandatory MFA (also known as 2FA) for all user accounts, internal systems access, and service provider accounts.
- Regular Security Audits: We conduct frequent internal security reviews to identify and address potential vulnerabilities.

Data Protection

- Encryption:
  - All data is encrypted at rest using industry-standard encryption.
  - Data in transit is protected using secure protocols.
  - Sensitive information (e.g., access tokens, API keys) undergoes additional application-level encryption before database storage.
- Access Controls: Strict role-based access control ensures that employees only have access to the data necessary for their job functions.
- Data Redundancy: Regular backups protect against data loss.

Vulnerability Management

- Continuous Monitoring: We use GitHub to scan our codebase for vulnerabilities.
- Patch Management: Critical security updates are applied promptly, with a comprehensive update schedule for all systems.

Incident Response

- Incident Response Plan: A defined incident response plan is in place to address potential security events promptly.

Data Privacy

Data Handling

- Data Minimisation: We collect and retain only the data necessary for providing our services.
- AI Processing: No Personally Identifiable Information (PII) is ever shared with AI systems processing transcripts.
- Data Localisation: All client data is hosted on servers located in Australia, ensuring compliance with local data sovereignty requirements.
- Data Retention: Clear policies on data retention periods, with options for clients to request data deletion.

User Control

- Transparency: Detailed privacy policy explaining how we collect, use, and protect data.
- User Empowerment: Clients have full control over their data, including the ability to access, modify, or delete their information.

Compliance

- Australian Privacy Principles: Full compliance with the Australian Privacy Principles under the Privacy Act 1988.
- Industry Standards: While we are not currently SOC 2 certified or ISO 27001 compliant, we are actively assessing these frameworks to further enhance our security posture and best practices in data protection and information security management.

Claras is completing SOC 2 certification, and our current practices align closely with the five Trust Services Criteria (TSC) defined by SOC 2. Here's how we address each principle:

- Security:
  - We employ industry-leading security protocols to protect your data from unauthorised access
  - Our measures include encryption and multi-factor authentication
  - We continuously update our defences to stay ahead of potential threats
- Availability:
  - Our infrastructure is designed for high availability and reliability
  - We utilise redundant systems and perform daily backups
- Processing Integrity:
  - We prioritise the accuracy and reliability of our systems
  - Continuous monitoring, validation processes and automated testing maintain data integrity
  - Our processes ensure data processing is complete, valid, and timely
- Confidentiality:
  - Protecting your confidential information is paramount
  - We implement strict access controls and encryption
  - Only authorised personnel have access to production data
- Privacy:
  - We adhere to stringent privacy policies and practices, as published on our website
  - Our approach aligns with global data protection regulations
  - We collect, use, and disclose personal data only in ways that respect user consent and regulatory requirements

Ongoing Commitment

- Security Training: Regular security awareness training for all employees.
- Vendor Assessment: Thorough security assessments for all third-party vendors and partners.
- Transparency: We are committed to clear communication about our security practices and any potential incidents.

For any questions or concerns about our security measures, please contact our team at hello@claras.ai.

Our security practices are continually evolving to address the latest threats and comply with emerging regulations.

Updated on: 12/08/2024