Security

How we protect your data, your callers' data, and the integrity of the Claryn platform.

Our Security Commitment

Security is not a feature at Claryn — it is a baseline requirement. Voice data is sensitive. Call recordings contain real conversations between real people. We treat this data with the seriousness it deserves at every layer of the stack.

Infrastructure Security

  • All data encrypted in transit using TLS 1.3
  • All data encrypted at rest using AES-256
  • Infrastructure hosted with established cloud and infrastructure providers
  • Network isolation with VPCs, private subnets, and strict firewall rules
  • DDoS protection and rate limiting on all public endpoints
  • Automated dependency and vulnerability scanning as part of deployment review
  • Access reviews and configuration hardening as part of ongoing operational maintenance

Application Security

  • Role-based access control (RBAC) — team members only see what they need
  • Multi-factor authentication (MFA) supported where available
  • API keys with scoped, least-privilege permissions
  • All API requests authenticated and authorised server-side
  • Input validation and output encoding to prevent injection attacks
  • Audit logs for all sensitive operations (agent changes, data exports, billing actions)
  • Automated dependency scanning for known CVEs on every deployment

Data Protection

  • Voice recordings and transcripts stored in isolated, encrypted object storage
  • Data retention policies configurable per account — set your own retention window
  • Complete data deletion within 90 days of account closure
  • No data used for training third-party AI models without explicit consent
  • No cross-customer data access — strict multi-tenant isolation
  • Caller memory profiles stored under your account — you own and control them

Access Controls

  • Production access is restricted to the small set of team members who need it to operate the service
  • Internal access to sensitive systems is logged and reviewed
  • Credentials are rotated and revoked when access is no longer required
  • We keep production access narrower than general product access

Incident Response

We maintain a documented incident response plan with defined escalation paths. In the event of a confirmed security incident affecting customer data, we will:

  • Contain the issue, investigate the root cause, and revoke or rotate affected access where needed
  • Notify affected customers without undue delay where required by law or contract
  • Document remediations and improve controls to reduce the chance of recurrence

Responsible Disclosure

If you discover a security vulnerability in Claryn, please do not post it publicly. Email support@tryclaryn.live with:

  • A description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any proof-of-concept code (if applicable)

We will acknowledge your report within 24 hours, triage it within 5 business days, and keep you updated throughout the remediation process. We do not pursue legal action against researchers who act in good faith.

Compliance

  • Privacy controls documented in our Privacy Policy and GDPR page
  • Billing handled by Stripe, which manages card data within its own compliance scope
  • Customers remain responsible for configuring their calling workflows to meet local calling and consent laws

Contact

Security reports: support@tryclaryn.live
General security questions: support@tryclaryn.live