Security & privacy

Security you can trust.

Your contracts contain your most sensitive business information. We treat security as a core product feature, not an afterthought.

Encryption at rest

All documents and data are encrypted at rest using AES-256 in Azure Blob Storage and Cosmos DB.

Encryption in transit

All communications use TLS 1.3. API endpoints enforce HTTPS. No data ever travels unencrypted.

Tenant isolation

Every read and write is scoped to your organization at the middleware layer. Cosmos partition keys, scoped JWTs, cross-tenant = 403.

Edge protection

Cloudflare WAF, DDoS mitigation, and bot protection on every request. Rate limits per-tenant; abuse handled at the edge before it reaches your data.

SOC 2 Type II

Independently audited controls across security, availability, and confidentiality. SOC 2 report available under NDA on request.

Data residency

Choose where your data lives. Deploy in US, EU, or Australia regions to meet local data sovereignty requirements.

Infrastructure & compliance

How it’s built.

Azure cloud infrastructure

Clment runs entirely on Microsoft Azure — Cosmos DB for metadata, Blob Storage for documents, AI Search for vector indexing, and Azure Foundry for AI inference. All services are enterprise-grade with built-in redundancy and high availability.

Authentication & access control

Authentication is handled by Contract Eagle Identity Server using industry-standard JWT tokens with JWKS validation. Role-based access control ensures users can only access their organisation’s data. API keys use scoped permissions with rotation support.

AI data handling

Contract content sent to AI models is processed via Azure Foundry (Azure’s hosted AI inference). Your data is never used to train models, never stored by the AI provider, and never shared with third parties. Processing is ephemeral — once a response is generated, the input is discarded.

Questions about security?

We’re happy to discuss our security practices, provide documentation for your vendor review process, or arrange a technical deep-dive with your security team.

Contact security team