Data residency
Where is Clema data stored?
Clema stores data in secure, SOC 2 certified cloud data centers located in the United States, with a Data Processing Addendum and sub-processor disclosure available on request for FERPA and GDPR-compliant institutions.
The short answer
Clema stores data in SOC 2 certified data centers located in the United States, with geo-redundancy and point-in-time recovery. Clema reads from your sources and never copies data outbound. A Data Processing Addendum and sub-processor list are available on request.
How Clema handles your data
U.S. hosting, read-only access, no AI training, end-to-end encryption.
Data centers in the United States
Clema stores data in secure, SOC 2 certified cloud infrastructure located in the United States, with geo-redundancy across availability zones for high availability.
Read-only, governed connections
Clema reads from your sources and does not copy data outbound or write back without explicit permission. Data stays under the governance of your existing source contracts.
No AI training on your data
Your institutional data is never used to train Clema's models and is never sold, shared, or disclosed to third parties. You retain complete ownership and can export or delete it at any time.
Encryption everywhere
Data is encrypted at rest with AES-256 and in transit with TLS 1.3, with role-based access controls, MFA, and session timeout policies gating every query.
In a FERPA and GDPR context
FERPA
Clema stores and processes student data in U.S.-based, SOC 2 certified data centers, and acts as a school official with a legitimate educational interest. A BAA is signed with every customer.
GDPR
For GDPR-bound institutions or international campuses, Clema provides a Data Processing Addendum, sub-processor disclosure, and data-subject rights handling.
What your security team can request
For your CISO, data governance lead, or privacy officer. Turnaround is usually one business day.
Data residency FAQs
Where is Clema data stored?
Clema stores data in secure, SOC 2 certified cloud data centers located in the United States, with geo-redundancy and point-in-time recovery for high availability.
Does Clema store data outside the United States?
No. Clema data centers are in the United States. For institutions with international campuses or GDPR-bound data, we provide a Data Processing Addendum and sub-processor disclosure on request.
Can Clema support data residency requirements in FERPA and GDPR contexts?
Yes. Clema is FERPA-ready by design and supports GDPR compliance through a Data Processing Addendum, sub-processor disclosure, and data-subject rights handling, with read-only, governed data connections.
How does Clema read-only access affect data residency?
Clema reads from your sources and does not copy data outbound or write back without explicit permission. Your data stays governed under your existing source contracts, with source attribution and an audit trail on every query.
How do I request the sub-processor list or DPA?
Email [email protected] and our security team will share the sub-processor list and Data Processing Addendum, usually within one business day.
Need the residency pack?
Our security team will share the sub-processor list and DPA, usually within one business day.