Credential encryption

All integration credentials (API keys, tokens, webhook secrets) are encrypted at rest using AES-256-GCM before storage. GCM mode provides authenticated encryption — each ciphertext includes an authentication tag that detects tampering before decryption. Credentials are never logged, never included in error messages, and never returned in API responses after the initial intake step. One-time access tokens are stored as SHA-256 hashes — the raw token is never persisted.

Organization isolation

Every skill execution, configuration record, credential, and execution log is scoped to a specific organization. Database queries enforce org ownership at the query level. There is no shared execution context between customer organizations.

Audit trail

All operator actions (customer linking, skill activation, mode transitions, viewer invitations, assessment publishing) are written to an append-only audit event log. The audit table is structured for SOC 2 Type II alignment. Customers can request audit log exports for their organization.

Webhook security

Inbound webhooks are verified using HMAC signatures from the source system. Payloads are deduplicated using SHA-256 hashing of the event ID or payload before processing. Failed webhooks are queued to a Dead Letter Queue with admin-controlled replay — no silent data loss.

Access control

Operator access requires explicit operator identity verification. Viewer access (for customer stakeholders) uses time-limited one-time tokens delivered via secure links. Viewer sessions are revocable by operators at any time. Write endpoints enforce role checks — viewer sessions cannot activate skills or modify configuration.

Data hosting

Clarissi is hosted on Railway with PostgreSQL. Data is stored in the United States. Sub-processors used in the platform include Anthropic (AI inference) and OpenAI (embedding generation for taxonomy matching). Data sent to AI providers is limited to the minimum context needed for the specific operation.

GDPR posture

Clarissi acts as a data processor on behalf of customers. Personal data flowing through skill executions (customer email addresses, order identifiers, support ticket content) is processed only to execute the configured automation and is not retained beyond the execution log. Contact [email protected] for data processing agreements.

Security questions?

For security-specific inquiries, vendor security assessments, or data processing agreements, reach out directly.
