Our Commitment to Data Security and Privacy
At Claras, we prioritise the security and privacy of your client data and practice information. Our commitment to robust cybersecurity practices ensures a secure and reliable platform that supports your practice and licensee standards. This document outlines our comprehensive security measures and data privacy protocols.
Need a summary to send to your licensee? Request our Security and Privacy Information Sheet.
Trust Centre
Visit trust.claras.ai for live, transparent updates to our security status.
Cybersecurity Practices
Infrastructure Security
- Cloud Infrastructure: We leverage industry-leading cloud services, benefiting from their world-class security measures.
- Network Security: Our systems are protected by enterprise-grade firewalls and intrusion detection systems to prevent unauthorised access.
- Multi-Factor Authentication (MFA): Mandatory MFA (also known as 2FA) for all user accounts, internal systems access, and service provider accounts.
- Regular Security Audits: We conduct frequent internal security reviews to identify and address potential vulnerabilities.
Data Protection
- Encryption:
  - All data is encrypted at rest using industry-standard encryption.
  - Data in transit is protected using secure protocols.
  - Sensitive information (e.g., access tokens, API keys) undergoes additional application-level encryption before database storage.
- Access Controls: Strict role-based access control ensures that employees only have access to the data necessary for their job functions.
- Data Redundancy: Regular backups protect against data loss.
Vulnerability Management
- Continuous Monitoring: We use GitHub to scan our codebase for vulnerabilities.
- Patch Management: Critical security updates are applied promptly, with a comprehensive update schedule for all systems.
Incident Response
- Incident Response Plan: A defined incident response plan is in place to address potential security events promptly.
Data Privacy
Data Handling
- Data Minimisation: We collect and retain only the data necessary for providing our services.
- AI Processing: No Personally Identifiable Information (PII) is ever shared with AI systems processing transcripts.
- Data Localisation: All client data is hosted on servers located in Australia, ensuring compliance with local data sovereignty requirements.
- Data Retention: Clear policies on data retention periods, with options for clients to request data deletion.
User Control
- Transparency: Detailed privacy policy explaining how we collect, use, and protect data.
- User Empowerment: Clients have full control over their data, including the ability to access, modify, or delete their information.
Compliance
- Australian Privacy Principles: Full compliance with the Australian Privacy Principles under the Privacy Act 1988.
- Industry Standards: Claras is finalising SOC2 security accreditation and certification, and is actively enhancing our security posture and best practices in data protection and information security management. Please visit trust.claras.ai to see live updates.
Our current practices align closely with the five Trust Services Criteria (TSC) defined by SOC2. Here's how we address each principle:
- Security:
  - We employ industry-leading security protocols to protect your data from unauthorised access
  - Our measures include encryption and multi-factor authentication
  - We continuously update our defences to stay ahead of potential threats
- Availability:
  - Our infrastructure is designed for high availability and reliability
  - We utilise redundant systems and perform daily backups
- Processing Integrity:
  - We prioritise the accuracy and reliability of our systems
  - Continuous monitoring, validation processes and automated testing maintain data integrity
  - Our processes ensure data processing is complete, valid, and timely
- Confidentiality:
  - Protecting your confidential information is paramount
  - We implement strict access controls and encryption
  - Only authorised personnel have access to production data
- Privacy:
  - We adhere to stringent privacy policies and practices, as published on our website
  - Our approach aligns with global data protection regulations
  - We collect, use, and disclose personal data only in ways that respect user consent and regulatory requirements
Ongoing Commitment
- Security Training: Regular security awareness training for all employees.
- Vendor Assessment: Thorough security assessments for all third-party vendors and partners.
- Transparency: We are committed to clear communication about our security practices and any potential incidents.
For any questions or concerns about our security measures, please contact our team at hello@claras.ai.
Our security practices are continually evolving to address the latest threats and comply with emerging regulations.
Data security FAQ
Client file notes contain sensitive information that requires the highest level of protection. Here's why Claras offers peace of mind:
Your data never leaves home. All your client data is stored exclusively in Australian AWS data centres in Sydney. This isn't just a preference—it's a fundamental part of our security architecture.
We anonymise before AI processing. When processing file notes:
- We automatically detect and redact personally identifiable information (PII)
- Names, contact information, and addresses are replaced with generic placeholders
- Only after this anonymisation does any AI processing occur
- Once completed, the real information is restored in Australia
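The redact-then-restore flow described above, as an added example that is not Claras's code. It assumes regex detection for e-mail addresses and Australian-style phone numbers plus a caller-supplied list of known names (street addresses are left out); the names `redact`, `leaked_values` and `restore` are hypothetical.

```python
import re

# Assumed detectors (constructed for this example): e-mail addresses and
# Australian-style phone numbers. Order matters: e-mails are replaced first
# so a name inside an address is never matched on its own.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"(?:\+61[ -]?|0)[2-478](?:[ -]?\d){8}"),
}
PLACEHOLDER = re.compile(r"\[(?:EMAIL|PHONE|NAME)_\d+\]")

def redact(text, known_names=()):
    """Return (redacted_text, mapping); the mapping stays on the local side."""
    mapping, seen, counters = {}, {}, {}

    def token_for(kind, value):
        key = (kind, value.lower())
        if key not in seen:  # repeated values reuse one placeholder
            counters[kind] = counters.get(kind, 0) + 1
            seen[key] = f"[{kind}_{counters[kind]}]"
            mapping[seen[key]] = value
        return seen[key]

    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: token_for(k, m.group(0)), text)
    # Names come from a caller-supplied list (an assumption, e.g. the client
    # record); longest first so a full name wins over a first name.
    for name in sorted(known_names, key=len, reverse=True):
        name_re = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
        text = name_re.sub(lambda m: token_for("NAME", m.group(0)), text)
    return text, mapping

def leaked_values(redacted, mapping):
    """Originals still visible in the outbound text; must be empty to send."""
    return [v for v in mapping.values() if v.lower() in redacted.lower()]

def restore(text, mapping):
    """Swap placeholders back; unknown placeholders are left untouched."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)

# Constructed sample file note.
NOTE = ("Met Jane Citizen on Tuesday. Jane prefers e-mail at "
        "jane.citizen@example.com or mobile 0412 345 678. "
        "Jane Citizen to send payslips.")

if __name__ == "__main__":
    redacted, mapping = redact(NOTE, ["Jane Citizen", "Jane"])
    assert leaked_values(redacted, mapping) == []
    print(redacted)
    print(restore(redacted, mapping))
```

Only the redacted text crosses the boundary to the AI service; the mapping is what makes restoration possible and needs the same protection as the original note.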
Security by design.
- End-to-end encryption: All data is encrypted at rest (AES 256) and in transit (TLS)
- Mandatory multi-factor authentication: Extra protection for all user accounts
- Practice-level controls: Set your own data retention policies
- Full ownership: Your practice owns all content created in Claras
- Delete anytime: Permanently remove recordings and transcriptions after use
Your control, your way. You decide how long data is retained and who can access it. When deletion is requested, it's permanently removed from both the databases and backups, following AWS secure data destruction protocols.
Updated on: 24/03/2025