Security

Last Updated: January 2024

Security is fundamental to Claire's architecture. As an orchestration platform handling sensitive business workflows and data, we've built comprehensive security measures into every layer of our system.

Infrastructure Security

Application Security

Authentication & Authorization

• Multi-factor authentication (MFA) support
• Role-based access control (RBAC)
• Single Sign-On (SSO) integration
• Session management with automatic timeout
• Password policies enforcing complexity requirements

Data Protection

• Field-level encryption for sensitive data
• Data isolation between customer tenants
• Secure API authentication with rate limiting
• Input validation and sanitization
• Protection against OWASP Top 10 vulnerabilities

Audit & Monitoring

• Comprehensive activity logging
• Real-time security monitoring and alerting
• Intrusion detection systems
• Automated vulnerability scanning
• Security Information and Event Management (SIEM)

Operational Security

Development Practices

• Secure Software Development Lifecycle (SSDLC)
• Code reviews and security testing
• Dependency scanning for vulnerabilities
• Penetration testing by third-party security firms
• Bug bounty program for responsible disclosure

Access Management

• Principle of least privilege access
• Regular access reviews and revocation
• Privileged access management (PAM)
• Separation of duties for critical operations
• Background checks for personnel with data access

Incident Response

• 24/7 security operations center
• Documented incident response procedures
• Breach notification protocols
• Regular incident response drills
• Post-incident reviews and remediation

Compliance & Certifications

• HIPAA: Compliant with healthcare data protection requirements (details)
• SOC 2 Type II: Controls implemented, audit scheduled Q3 2026
• GDPR: Architecture designed to support EU data protection requirements
• CCPA: Architecture supports California privacy requirements

Data Residency & Privacy

We provide options for data residency to meet regulatory requirements. Customer data is processed and stored according to contractual agreements and applicable privacy laws.

Third-Party Security

All third-party vendors and subprocessors undergo security assessments. We maintain data processing agreements and ensure vendors meet our security standards and applicable regulatory requirements.

Security Training

All employees receive security awareness training, including:

• Secure coding practices for engineering teams
• Data handling and privacy requirements
• Phishing and social engineering awareness
• Incident identification and reporting
• HIPAA and compliance training for relevant roles

Responsible Disclosure

If you discover a security vulnerability in Claire, please report it responsibly to security@the-algo.com. We investigate all legitimate reports and work to address verified issues promptly.

Questions About Security?

For detailed information about our security practices or to discuss specific security requirements for your organization, contact our security team at security@the-algo.com