Security

Your data is safe
by design

Security is not an afterthought at Clianta. Every layer of our platform is built with enterprise-grade protection, from encryption and access controls to infrastructure hardening and compliance.

Our practices

How we protect your data

Encryption at rest and in transit

All data is encrypted at rest with AES-256 and in transit over TLS. Sensitive credentials such as integration API keys and OAuth tokens get an extra layer of AES-256-GCM encryption at the application level before they ever touch the database.

Authentication and access control

Sign in with email and password, with Google, or with Microsoft. Role-based permissions across owner, admin, member, and viewer, plus per-user permission overrides, let you control exactly who can view, edit, or delete contacts, deals, and reports.

Infrastructure security

Hosted on Google Cloud. Inherits Google Cloud's automatic DDoS mitigation at the network edge, hardened network isolation, and the patching cadence Google maintains on the underlying compute fleet.

Audit logging

Every workspace action across auth, integrations, contacts, deals, sequences, workflows, calls, meetings, and AI actions is logged with timestamp, actor identity, and IP address. Standard plans retain logs for 12 months. Enterprise workspaces retain indefinitely.

Workspace isolation

Every record belongs to exactly one workspace. Every database query is scoped by workspace ID at the framework level, so customer data is never returned across workspace boundaries even by a misconfigured request.

Compliance posture

Clianta runs on Google Cloud, which holds SOC 2 Type II and ISO 27001. A Clianta-owned SOC 2 program and independent third-party penetration testing are on the roadmap and will be published as we complete them.

Responsible disclosure

Found a vulnerability? We appreciate responsible disclosure. Please email our security team and we will respond within 48 hours.

security@clianta.online