Quiet by default.
Hardened by design.
The infrastructure layer beneath every Clientia workspace — encryption everywhere, least privilege by default, and an audit trail your general counsel will actually trust.
- Uptime
- 99.99%
- Encryption
- AES-256 · TLS 1.3
- Recovery
- RPO 5m · RTO 1h
- Residency
- EU · US
Trust, written into the architecture.
Security is most often a culture problem dressed up as a technical one. These are the four ideas every architectural decision is measured against.
- 01Least privilege
Access is a privilege, not a default.
Every role, every key, every endpoint defaults to closed. Access is granted explicitly, scoped narrowly, and reviewed on a quarterly cadence — not when something breaks.
- 02Encryption everywhere
No plaintext, anywhere it travels.
AES-256 at rest with per-tenant key isolation. TLS 1.3 in flight. Field-level encryption for the small set of columns where it actually matters — credentials, tokens, payment metadata.
- 03Continuous monitoring
Watching, so you don't have to.
Anomaly detection on auth, API surface and data egress. 24/7 paging on the rare event that warrants it. Logs are append-only, signed, and retained for the term of your contract.
- 04Auditability
Boring infrastructure. Trustworthy receipts.
Every meaningful action is recorded with actor, target, timestamp and request context. Exportable in SIEM-friendly formats. The kind of trail your general counsel will actually trust.
Where your data lives, and how it's held.
The shape of the system, plainly described — because the boring infrastructure layer is where most of our attention goes.
You choose the region your workspace lives in at provisioning. Your data is stored in that region. Backups replicate asynchronously to a DR replica in the partner region.
The boring layer, plainly described.
If your security team needs a paragraph for the spreadsheet, here's a paragraph. The full questionnaire is one click away.
- 01Access
Identity & access management
Single sign-on, multi-factor by default, role-based permissions scoped to the team and the workspace.
- SAML 2.0 SSO · Okta, Azure AD, Google Workspace
- SCIM 2.0 provisioning & deprovisioning
- WebAuthn / passkeys for admin actions
- Session inactivity timeouts & device records
- 02Encryption
Keys, certificates & secrets
HSM-backed key management with per-tenant isolation. Secrets never live alongside the code that uses them.
- AES-256 envelope encryption at rest
- TLS 1.3 in flight, end-to-end
- Per-tenant data encryption keys
- Quarterly automated key rotation
- 03Monitoring
Detection & response
Anomalies are surfaced as they happen — auth failures, unusual API patterns, data egress at the wrong shape.
- 24/7 anomaly detection on auth & egress
- Append-only audit log, signed and exportable
- Pager rotation with documented escalation
- Quarterly tabletop exercises
- 04Resilience
Backups, recovery & uptime
Replicated across availability zones, with point-in-time recovery, and DR drills the team actually runs.
- Point-in-time recovery · 5 min granularity
- Cross-AZ synchronous replication
- Cross-region asynchronous DR replica
- DR drills tested quarterly & documented
- 05Vulnerability
Hardening & patching
Continuous dependency scanning, code review on every change, and a bounty programme for the rest.
- Dependency scanning on every CI build
- Mandatory peer review & signed commits
- Coordinated disclosure · security@clientia.app
- 06Privacy
Data handling & retention
You decide what we keep, where it lives, and when it leaves. One-click export and a documented deletion path.
- GDPR & CCPA-aligned subject requests
- Configurable retention & soft-delete windows
- DPAs & sub-processor list available on request
- One-click export · CSV, JSON, SFTP
The certifications, plainly listed.
The shorthand your procurement team is looking for. Detailed reports are available under NDA — request the security packet from the contact form.
Reports and the latest sub-processor list available under NDA — see the security packet below.
When something does go wrong, this is the path.
Nothing is more important than what we do when something goes wrong. The path from detection to written post-mortem, on the record.
- T+0 · DetectAnomaly is surfaced.Continuous monitoring flags the deviation — auth, egress, latency, or a customer signal. The on-call engineer is paged within minutes.
- T+15 · TriageSeverity is named, owners assigned.On-call confirms scope and impact, opens the incident channel, and assigns commander, comms and customer-liaison roles.
- T+30 · ContainStop the bleeding, preserve the trail.Isolate the affected surface, revoke credentials if applicable, and snapshot logs and state for the post-mortem.
- T+1h · NotifyAffected customers hear from us first.If your data is involved, you get a written note from a human within the hour, with what we know and what we don't, and a follow-up channel.
- T+72h · ResolveRoot cause, eradicate, restore.Patch shipped, monitoring updated, and a written status page entry. Service restored under a verified-clean state.
- Within 14 daysPublic, blameless post-mortem.Timeline, root cause, customer impact, and the concrete changes we're making — published, signed, and on the record.
The technical details.
The questions procurement and security teams ask most often before signing.
Need the full security packet?
DPA and sub-processor list — bundled, signed, and routed within one business day.
- 01Data Processing Addendum
- 02Sub-processor list