Trust & Compliance

Built to survive inspection.

CLAiRE is designed for environments where the auditor is the customer. Every architectural decision — tenant isolation, PII tokenisation, hash-chained evidence, read-only connectors — exists because a regulator asked us a hard question.

Third-party-audited where it counts.

Audit · SOC 2 Type II

SOC 2 Type II

Independent audit of security, availability, processing integrity, confidentiality, and privacy controls — performed over an extended observation window. Report available under NDA.

Standard · ISO/IEC 27001

ISO 27001

Information Security Management System alignment. Risk assessment, controls catalogue (Annex A), and continuous monitoring. Underpins our customer-segregation, key-management, and incident-response posture.

Standard · ISO/IEC 42001

ISO 42001 (AI Management System)

The first management-system standard for AI. CLAiRE's AI governance — eval harnesses, drift checks, 22-RCA linter, dual-track scorer — is built to satisfy 42001's lifecycle and risk requirements.

Ten controls. Built in. Inherited by every appliance.

These are not options to configure — they are built into the platform. You get every one with every appliance, on every deployment.

Personal data never leaves your boundary

Sensitive fields are replaced with safe tokens before any AI model sees them. The originals stay inside your tenant, behind your encryption, with a short expiry.
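As an added illustration of the tokenisation control described above (example code written for this page, not CLAiRE's implementation), the block below keeps originals in an in-tenant vault with a short expiry, hands the model only opaque tokens, and maps tokens back when the answer returns. Field names, the `tok_` prefix, the TTL and the in-memory vault are assumptions; encryption of the vault at rest is assumed to be handled by the tenant's key management and is not shown.

```python
import re
import secrets
import time
from typing import Dict, Optional, Set

# Constructed example, not the product's code: a tenant-side token vault.
TOKEN_RE = re.compile(r"tok_[0-9a-f]{16}")


class TokenVault:
    """Holds original sensitive values inside the tenant boundary.

    Each original is reachable only through its token and only until
    the token expires; after that the value is dropped from the vault.
    """

    def __init__(self, ttl_seconds: int = 300, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock                       # injectable for testing
        self._by_token: Dict[str, tuple] = {}    # token -> (original, expires_at)
        self._by_value: Dict[str, str] = {}      # original -> token (one token per value)

    def tokenise_value(self, value: str) -> str:
        now = self.clock()
        tok = self._by_value.get(value)
        if tok and tok in self._by_token and self._by_token[tok][1] > now:
            return tok                           # reuse a live token for the same value
        tok = "tok_" + secrets.token_hex(8)      # random, carries no information about the value
        self._by_token[tok] = (value, now + self.ttl)
        self._by_value[value] = tok
        return tok

    def resolve(self, token: str) -> Optional[str]:
        entry = self._by_token.get(token)
        if entry is None:
            return None
        original, expires_at = entry
        if expires_at <= self.clock():
            # Expired: purge so the original can never be recovered later.
            del self._by_token[token]
            self._by_value.pop(original, None)
            return None
        return original


def tokenise_record(record: dict, sensitive_fields: Set[str], vault: TokenVault) -> dict:
    """Return a copy of the record that is safe to send to a model."""
    safe = dict(record)
    for field in sensitive_fields:
        if safe.get(field) is not None:
            safe[field] = vault.tokenise_value(str(safe[field]))
    return safe


def detokenise_text(text: str, vault: TokenVault) -> str:
    """Re-substitute originals into model output.

    Unknown or expired tokens become a visible redaction marker rather
    than leaking the token or failing silently.
    """
    def swap(match):
        original = vault.resolve(match.group(0))
        return original if original is not None else "[REDACTED]"
    return TOKEN_RE.sub(swap, text)


def leaks(model_input: dict, record: dict, sensitive_fields: Set[str]) -> bool:
    """Boundary check: does any original sensitive value appear in what the model sees?"""
    blob = repr(model_input)
    return any(str(record[f]) in blob for f in sensitive_fields if f in record)
```

The vault is keyed by value so a name that appears twice in one record gets one token, which keeps the model's reasoning coherent; the `leaks` check is the assertion a reviewer would want to run on every model-bound payload.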

Four layers of guardrails around every AI call

Bad prompts are filtered at the input. Tools are constrained at the agent. Sensitive data is filtered on tool results. The final answer is post-filtered before anyone reads it.

Five-tier classification with attribute-based access

Every record carries a sensitivity tier — Public, Internal, Confidential, Secret, Regulated. Access depends on who is asking, what they are cleared for, when, and from where.

Roles granted at the record level

Six roles — Owner, Admin, Editor, Operator, Viewer, Approver — each mapped to specific verbs on specific record types. No grant is implicit; every grant is auditable.

Tamper-evident evidence chain

Every action signs the previous one. If anyone tampers with the chain — anywhere — it breaks and the platform can prove it.
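The tamper-evident chain above, as an added worked example (written for this page, not CLAiRE's own code): every entry carries the hash of its predecessor and a keyed hash over its own contents, so editing or removing an entry breaks verification at that point. The HMAC key is a stand-in for whatever signing mechanism the platform uses, the field names are assumptions, and the head-hash anchoring is the caveat a practitioner would add.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional

# Constructed example, not the product's implementation.
GENESIS = "0" * 64


def _canonical(entry: dict) -> bytes:
    """Stable byte encoding so the same entry always hashes the same way."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def append_event(chain: List[Dict], actor: str, action: str, record_id: str, key: bytes) -> Dict:
    """Append one action; its hash covers the previous entry's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    body = {
        "seq": len(chain),
        "actor": actor,
        "action": action,
        "record_id": record_id,
        "prev_hash": prev_hash,
    }
    body["hash"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    chain.append(body)
    return body


def verify_chain(chain: List[Dict], key: bytes) -> Optional[int]:
    """Return the index of the first entry that fails, or None if the chain is intact."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        # Link check: position and back-pointer must match.
        if entry.get("seq") != i or entry.get("prev_hash") != prev_hash:
            return i
        # Integrity check: recompute the keyed hash over everything but the hash itself.
        unsigned = {k: v for k, v in entry.items() if k != "hash"}
        expected = hmac.new(key, _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry.get("hash", "")):
            return i
        prev_hash = entry["hash"]
    return None


def head_hash(chain: List[Dict]) -> str:
    """Latest hash, to be anchored outside the log (write-once store, external witness).

    A chain alone cannot prove that trailing entries were not deleted;
    comparing the current head against an anchored copy closes that gap.
    """
    return chain[-1]["hash"] if chain else GENESIS
```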

The AI cannot make things up

Before the AI queries your data, the platform checks the question against your real vocabulary. Hallucinated references are rejected before they touch your records.

Every answer is double-checked

Each AI answer passes a two-track check — strict rules and a second AI reviewer. Green answers proceed, amber escalates to a human, red is blocked outright.

Your own database, your own stack

In the cloud, every tenant gets a dedicated database — no shared storage. On-prem, you bring your own databases, message bus, identity provider, even your own AI model.

Air-gapped option available

For the highest-security environments, the platform runs entirely offline. No phone-home, no outbound calls, no surprises during your next inspection.

Outbound-only connectivity option

A small container in your network can pull from your on-prem systems (identity, HR, monitoring, even file shares) and push outbound to the cloud — so SaaS works even when your network is firewalled from inbound traffic.

Five tiers. Attribute-based access. Enforced everywhere.

Sensitivity rides with the data — from your knowledge base, through every tool call, into the AI's working memory, and out to the final response. Closes leakage gaps that roles alone cannot.

Public · Internal · Confidential · Secret · Regulated
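An added example, covering both the five-tier classification with role grants described under the ten controls and the "sensitivity rides with the data" point above (written for this page, not CLAiRE's code): a policy decision that combines the page's six roles and five tiers with the requester's clearance, source network and time of request, plus the rule that a response assembled from several records inherits the highest tier. The role-to-verb mapping, the `batch_record` type, the trusted network range and the attended-hours window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time as dtime
from ipaddress import ip_address, ip_network
from typing import Iterable, Tuple

# Constructed example, not the product's policy engine.
TIERS = ["Public", "Internal", "Confidential", "Secret", "Regulated"]
TIER_RANK = {t: i for i, t in enumerate(TIERS)}

# Role -> verbs per record type. The page names the roles; this mapping is assumed.
ROLE_VERBS = {
    ("Owner", "batch_record"): {"read", "edit", "approve", "export", "delete"},
    ("Admin", "batch_record"): {"read", "edit", "export", "delete"},
    ("Editor", "batch_record"): {"read", "edit"},
    ("Operator", "batch_record"): {"read"},
    ("Viewer", "batch_record"): {"read"},
    ("Approver", "batch_record"): {"read", "approve"},
}

TRUSTED_NETS = [ip_network("10.0.0.0/8")]          # assumed corporate range
ATTENDED_HOURS = (dtime(7, 0), dtime(19, 0))       # assumed window for Secret and above


@dataclass
class Subject:
    user: str
    role: str
    clearance: str     # highest tier the user is cleared for
    source_ip: str
    at: str            # ISO-8601 timestamp of the request


@dataclass
class Record:
    record_id: str
    record_type: str
    tier: str


def decide(subject: Subject, record: Record, verb: str) -> Tuple[bool, str]:
    """Explicit grant only: every denial names the rule that fired, for the audit trail."""
    allowed = ROLE_VERBS.get((subject.role, record.record_type), set())
    if verb not in allowed:
        return False, f"role {subject.role} has no '{verb}' on {record.record_type}"
    if TIER_RANK[record.tier] > TIER_RANK[subject.clearance]:
        return False, f"tier {record.tier} exceeds clearance {subject.clearance}"
    if TIER_RANK[record.tier] >= TIER_RANK["Secret"]:
        # Attribute checks: where the request comes from and when.
        if not any(ip_address(subject.source_ip) in net for net in TRUSTED_NETS):
            return False, "Secret and Regulated records only from a trusted network"
        at = datetime.fromisoformat(subject.at).time()
        if not ATTENDED_HOURS[0] <= at <= ATTENDED_HOURS[1]:
            return False, "Secret and Regulated records only during attended hours"
    return True, "allow"


def effective_tier(record_tiers: Iterable[str]) -> str:
    """Sensitivity rides with the data: anything derived from several records
    (tool result, working memory, final answer) carries the highest tier seen."""
    return max(record_tiers, key=lambda t: TIER_RANK[t], default="Public")


def may_release(subject: Subject, tiers_used: Iterable[str]) -> Tuple[bool, str]:
    """Apply the same decision to the assembled response before it is shown."""
    tier = effective_tier(tiers_used)
    if TIER_RANK[tier] > TIER_RANK[subject.clearance]:
        return False, f"response is {tier}, above clearance {subject.clearance}"
    return True, f"release at {tier}"
```

Running `effective_tier` on the tiers touched during a tool call, and `may_release` on the final answer, is what stops a Viewer cleared for Internal from reading a Secret fact that the model pulled in on the way to an otherwise harmless answer.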

Pick the shape that matches your security model.

CLAiRE Cloud

Multi-tenant SaaS

We run it; you focus on quality. Multi-region availability. Every tenant gets its own database — no shared storage. Security patches reach you fast.

Enterprise

On-prem, in your network

Runs entirely inside your infrastructure. Bring your own databases, identity, even your own AI model. Air-gapped option for the highest-security environments.

Embedded

Single-appliance turnkey

One appliance, one deployment. VM or Docker bundle. The smallest audit surface, the simplest path to value.

Designed against the rules your auditors apply.

  • 21 CFR Part 11 — Electronic Records & Electronic Signatures
  • EU Annex 11 — Computerised Systems
  • FDA CSA — Computer Software Assurance
  • GAMP 5 — Risk-based system validation
  • ICH Q9 / Q10 — Quality risk management & quality systems
  • 21 CFR 820 — QSR for Medical Devices
  • 21 CFR 211 — cGMP for Finished Pharmaceuticals
  • ISO 13485 — Quality systems for medical devices
  • ISO 14971 — Risk management for medical devices
  • IEC 62304 — Medical device software lifecycle
  • EU MDR / IVDR
  • HIPAA · GDPR

Need our SOC 2 report, security questionnaire, or DPA?

Request the trust package and we'll send our SOC 2 Type II report under NDA, a security questionnaire response (CAIQ / SIG Lite), and our standard DPA.

