
Security & Privacy

At Claras, we prioritise the security and privacy of your client data and practice information. With SOC 2 compliance and robust cybersecurity practices, you're using a secure, reliable platform that supports your practice and licensee standards.

For live updates on our security posture and policies, visit trust.claras.ai.

Cybersecurity practices

Infrastructure security

  • Cloud-native architecture hosted in Australian AWS data centres.

  • Enterprise-grade firewalls and intrusion detection systems.

  • Mandatory multi-factor authentication (MFA) for all user accounts and internal systems.

  • Regular internal and external security audits to identify vulnerabilities.

Data protection

  • End-to-end encryption: AES-256 at rest, TLS 1.2+ in transit.

  • Additional encryption for sensitive data (e.g. API keys, tokens).

  • Strict role-based access controls ensure employees see only what they need.

  • Daily encrypted backups stored in-region with a 30-day recovery window.

Vulnerability management

  • Continuous monitoring of systems and codebases.

  • Critical patches applied promptly as part of a defined update schedule.

Incident response

  • A tested incident response plan for rapid action in the event of a security issue.


Data privacy

How we handle your data

  • Data minimisation: we collect and store only what’s necessary.

  • AI processing anonymises PII before analysis, with names and contact details replaced by placeholders.

  • All client data remains in Australia, complying with local sovereignty requirements.

  • Clear retention policies and the ability for practices to set their own deletion schedules.

Your control

  • You own all content created in Claras.

  • Delete recordings, transcripts, and notes at any time – they’re permanently removed from all systems, including backups.

  • Full transparency with a detailed privacy policy and user-access controls.

Compliance

We're SOC 2 compliant and align with Level 1 of the Essential Eight Maturity Model.

How we meet SOC 2’s five trust criteria

  • Security: Industry-leading protocols, encryption, and MFA protect against unauthorised access.

  • Availability: Redundant systems and daily backups ensure high uptime and data recovery.

  • Processing integrity: Automated validation and monitoring maintain data accuracy and reliability.

  • Confidentiality: Strict access controls and encryption safeguard sensitive information.

  • Privacy: We only use data in ways that respect user consent and comply with regulations.

Essential Eight alignment

We apply the Essential Eight strategies across our platform:

  1. Patch applications and operating systems routinely.

  2. Enforce multi-factor authentication at every level.

  3. Restrict admin privileges with least-privilege policies.

  4. Control application deployments within secure pipelines.

  5. Block Microsoft Office macros.

  6. Harden user applications during development.

  7. Encrypt and back up all production data daily.

Ongoing commitment

  • Regular security training for all staff.

  • Thorough security assessments for all vendors and partners.

  • Transparent communication about security practices and incidents.

Need a summary for your licensee?

Email support@claras.ai and request our Security and Privacy Information Sheet.

Frequently asked questions

Where is my data stored?

All data is stored in Australian AWS data centres (Sydney). Your client data never leaves the country.

How is sensitive information handled?

We anonymise and redact personally identifiable information (PII) before any AI processing. Real data is restored only after processing, and only within Australia.

Do you align with the Australian Privacy Principles (APPs)?

Yes. Claras is designed to meet the requirements of the Australian Privacy Principles (APPs) set out in the Privacy Act 1988. These principles regulate how personal information is collected, stored, used, and disclosed.

Can I control data retention?

Yes. Practices set their own retention policies for recordings and transcripts, and can delete file notes and documents at any time. Secure deletion also applies to backups.

How do I set data retention?

Go to Settings > Data in Claras. We recommend 14 days as a good balance between availability and security.

Who owns the data?

You do. Your practice has full ownership of all content created in Claras.


Last updated 2nd September 2025 by Stuart