# Security & Compliance

> How Claro protects your catalog data and meets enterprise compliance requirements.

## Data protection

* **Encryption in transit** — TLS 1.3 for all API and browser traffic.
* **Encryption at rest** — AES-256 for all stored data.
* **Per-workspace encryption keys** — available on Dedicated plans.
* **Data residency** — EU and US regions available; region is selected at workspace creation.

## Authentication & access control

* **Single Sign-On** — Okta and Azure AD on Dedicated plans.
* **Role-based access control** — per-catalogue permissions for read, edit, and approve. Reviewer roles restrict access to the Notifications surface only.
* **API security** — bearer token authentication with per-token scope and rate limiting.
* **Audit log** — complete activity log covering operations, record edits, approvals, sync events, and user management changes.

## Workspace isolation

Each workspace is isolated at the data layer. Cross-workspace access is not possible. All catalogue data, operation runs, and Knowledge Base content stay within the workspace boundary.

## Compliance

* **GDPR** compliant. Data Processing Agreement (DPA) available on request.
* **CCPA** compliant.
* **SOC 2 Type II** — audit in progress; expected completion Q4 2025.

Full compliance documentation is available by emailing **[hello@getclaro.ai](mailto:hello@getclaro.ai)**.

## Self-hosting (Dedicated)

For organizations that require on-premises or private-cloud deployment:

* Kubernetes Helm chart for any cluster.
* Managed VPC setup in your cloud account.
* Air-gapped environment support (no external calls).
* On-premises installation with dedicated support.

## Responsible disclosure

If you discover a security vulnerability, please report it to **[security@getclaro.ai](mailto:security@getclaro.ai)**. We aim to acknowledge reports within 24 hours and provide a resolution timeline within 72 hours.
