Security & Compliance
Clariva AI handles personally identifiable contact data at scale across regulated industries. Our security program is designed to meet SOC 2 requirements, built from day one to withstand adversarial access and legal scrutiny.
TCPA consent, built into every send
Every automated message complies with the Telephone Consumer Protection Act. Non-compliant sends aren't just blocked by policy, they're architecturally impossible.
Political campaigns are exempt from the Do Not Call Registry, but TCPA consent for automated mobile messages applies in full and is enforced by the platform regardless.
Every client is manually verified by the Clariva AI team before account access is granted. Platform terms are accepted at signup, campaign launch requires typed confirmation, and account permissions are fully controlled by an admin.
Every consent action, campaign launch, and contact upload is recorded with timestamps. Audit logs are retained and continuously improved; we are committed to raising the security bar as the platform scales.
Voice cloning lifecycle
Signed Voice Cloning consent & release required before any sample.
Zero data retention - synthesis happens in memory, nothing persists.
Voice models encrypted, scoped to client account.
Written deletion certificate available on request.
Data Security Architecture
Every layer is built on the assumption that client data is sensitive and targetable.
Field-level encryption
Phone numbers, names, and emails encrypted before database write. Direct access yields nothing readable.
Per-account encryption keys
Each client gets a unique key. Compromising one key cannot expose another client's data.
Strict tenant isolation
Every query scoped to the authenticated account. Application defects cannot cause cross-tenant exposure.
24/7 threat detection
API calls, traffic, and access patterns monitored continuously. Anomalies trigger alerts within minutes.
Mandatory 2FA
All accounts require two-factor authentication. There is no option to disable it. Ever.
PCI DSS Level 1
Card data handled through certified processing only. Card numbers never touch Clariva infrastructure.
Industry-specific Controls
Tailored compliance controls beyond our baseline security posture for every regulated sector we serve.

HIPAA-compliant data handling
Healthcare clients operate an enhanced tier with a signed Business Associate Agreement and additional safeguards for Protected Health Information. Clariva executes a BAA with any qualifying covered entity before PHI enters the platform.
Responsible disclosure
We welcome reports from security researchers. We do not pursue legal action against researchers who act in good faith, comply with applicable law, and provide reasonable time for remediation before public disclosure.