Enterprise-Grade Security

Your institutional data deserves the highest level of protection. Clema.ai is built with security at its core, designed specifically for higher education.

FERPA Compliant
SOC 2 Type II
AES-256 Encryption

Your Data Never Leaves Your Control

No AI Training

We never use your institutional data to train our AI models.

No External Sharing

Your data is never sold, shared, or disclosed to third parties.

Full Data Ownership

You retain complete ownership of your data and can export or delete it at any time.

Security & Compliance Features

SOC 2 Type II Certified

Our infrastructure and processes are independently audited annually to verify compliance with trust service criteria for security, availability, and confidentiality.

FERPA Compliant

Designed from the ground up to support FERPA compliance. We act as a school official with legitimate educational interest and maintain strict data handling protocols.

End-to-End Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Your sensitive institutional data is protected at every stage.

SSO & SAML Integration

Seamlessly integrate with your existing identity provider. We support SAML 2.0, OAuth 2.0, and OpenID Connect for enterprise authentication.

Infrastructure Security

Secure Cloud Infrastructure

  • Hosted on enterprise-grade cloud infrastructure
  • Geo-redundant data centers for high availability
  • Regular backups with point-in-time recovery
  • DDoS protection and web application firewall

Access Controls

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Session management and timeout policies
  • Audit logs for all data access

Network Security

  • Network segmentation and isolation
  • Intrusion detection and prevention
  • Regular vulnerability scanning
  • Penetration testing by third parties

Our Security Practices

Employee Security

All employees undergo background checks and security training. Access to customer data is strictly limited on a need-to-know basis, and all access is logged and audited.

Incident Response

We maintain a comprehensive incident response plan and will notify affected customers within 72 hours of any security incident. Our team is available 24/7 to respond to security concerns.

Regular Audits

We conduct regular security assessments including annual SOC 2 audits, quarterly vulnerability scans, and annual penetration testing by independent security firms.

Secure Development

Our development process follows secure coding practices including code reviews, static analysis, and security testing. All changes go through a rigorous review process before deployment.

Security FAQs

Your data is stored in secure, SOC 2 certified data centers located in the United States. We use enterprise-grade cloud infrastructure with multiple layers of redundancy.

Yes, we can provide our SOC 2 Type II report under NDA. Please contact our security team at hello@clema.ai to request a copy.

Yes, we provide DPAs for all enterprise customers. Our DPA includes FERPA-specific provisions and can be customized to meet your institution's requirements.

Upon cancellation, you'll have 30 days to export your data. After this period, your data will be securely deleted from our systems, and we'll provide a certificate of destruction upon request.

Have Security Questions?

Our security team is here to help. Reach out to discuss your institution's specific requirements or request our security documentation.