Security architecture
Security is Claryn's foundation.
We protect your data, your operations, and your business's trust.
Sensitive data, identities, files, integrations, and audit trails
are protected by encryption, access controls, isolation, and continuous monitoring.
Trust in every layer
6 security pillars integrated into the platform.
Security isn't a separate module. It's present in every layer — from storage to access and audit.
1
Strong encryption
Every file is encrypted with a unique DEK per file. Each organization has its own isolated KEK. No file is ever stored in plain text. Decryption only occurs for authorized users.
In transit: TLS 1.3 | At rest: AES-256
- Unique DEK per file
- KEK per organization
- No files in plain text
- Decryption only for authorized users
2
Data and PII protection
Personal and sensitive data is encrypted at the field level in the database. Keys are managed securely and isolated per organization, with data minimization and configurable retention.
Field-level encryption | Keys isolated per org
- PII encrypted in the database
- Keys managed in isolation
- Data minimization
- Configurable retention
3
Identity and Access
MFA required for sensitive and administrative access. SSO with Google and Microsoft. SAML 2.0 and OIDC for enterprise federation. RBAC with granular permissions and access policies based on role, scope, and environment.
SAML 2.0 and OIDC | Granular RBAC
- MFA required for admins
- SSO with Google and Microsoft
- SAML 2.0 and OIDC federation
- Granular permissions by scope
4
Secure sessions and tokens
Short-lived access tokens with rotated refresh tokens. Session and device revocation. Automatic expiration by policy. Active session monitoring with visibility and control for both users and administrators.
Short-lived access tokens | Rotated refresh tokens
- Short-lived tokens
- Rotated refresh tokens
- Revocation by session or device
- Expiration by policy
5
Secure sharing
Upload and download via protected links with optional OTP and configurable expiration. Restricted and temporary permissions. Full audit log of accesses and downloads. Third-party access without exposing the internal admin environment.
Optional OTP | Links with expiration
- Protected links with OTP
- Configurable expiration
- Temporary permissions
- Full access and download audit log
6
Audit and traceability
Complete and immutable event trails. Logs of logins, accesses, changes, downloads, and administrative actions. Structured and exportable logs. Ready for SIEM integration and external audit reporting.
Immutable logs | SIEM-ready
- Immutable event trails
- Logs of logins, access, and changes
- Structured and exportable logs
- SIEM integration
Security operations and engineering
Practices that sustain the platform.
DevSecOps
Security throughout the development lifecycle. Code scanning, dependency scanning, secret scanning, and security reviews.
Secure infrastructure
Isolated environments, secrets outside the code, continuous hardening, encrypted backups, and privileged access control.
High availability
Resilient, monitored infrastructure with disaster recovery to guarantee operational continuity.
Continuous monitoring
Real-time alerts, anomaly detection, event analysis, and rapid incident response.
Per-organization isolation
Secure tenancy with logical isolation of data, keys, and access between organizations.
Trust built on global standards
Commitment to end-to-end security.
LGPD by design: Privacy by design from inception.
ISO 27001 principles: Aligned with best security practices.
Audit-ready: Meets internal and external audit requirements with full traceability.
Certification roadmap: Independent assessments and certifications are part of our roadmap.
Security that drives trust and results
Claryn protects what matters to your business.
Data, identities, files, integrations, and audit trails — protected by design.