Security & Trust

Trust should be explained, not implied.

Clairio handles revenue data — which is sensitive, reputationally and contractually. This page is our attempt to answer the trust questions directly: what data we touch, what the AI can and cannot do, and what controls you have over both.

What Data Clairio Accesses
Q: What data does Clairio access today?
Three inputs — CRM, billing, and product usage — and only what you explicitly provide during the beta. That means CSVs containing CRM pipeline fields, invoiced MRR/ARR actuals from your billing system, and product usage signals. No live CRM connection, no live billing system connection, no public web enrichment.
Q: Where does that data live?
In our application database (PostgreSQL on Supabase) and object storage for original CSV uploads. All data is encrypted at rest and in transit. Data is scoped to your workspace — no cross-tenant access.
Q: What will change at GA?
Direct connectors for all three inputs — CRM (Salesforce, HubSpot), billing (Stripe, Chargebee), and usage event streams — are planned. Every connector will be opt-in per workspace, and every field mapping will be visible and editable before any sync runs.
Limit: What data we will not touch.
Personal email, customer messaging threads outside the CRM, third-party enrichment without consent, and any data source you have not explicitly connected. Clairio does not browse the public web for your accounts.

What the AI Can & Cannot Do
Q: What can the AI do?
Reason about your uploaded data to produce scores, summaries, and recommendations. It writes narrative — QBR talking points, account summaries, revenue-gap explanations — and it ranks opportunities based on revenue signals.
Limit: What the AI does not do.
It does not write back to your CRM, does not send emails, does not trigger workflows in external systems, and does not act on customers on your behalf. Every output is a recommendation surfaced in the Clairio UI — you decide what to act on.
Limit: What about autonomous agents?
Clairio is not an autonomous agent. There are no background actions taken on your data outside of the scoring and summarization you trigger. If that changes at GA, it will be opt-in, disclosed clearly, and controllable per workspace.
Q: Which AI model is used?
Anthropic Claude today, via the Anthropic API. Your data is sent to Anthropic to produce a response, then returned. Anthropic does not train on API data by default. For teams that need stricter isolation, private deployment on AWS Bedrock and IBM watsonx is on the roadmap.

User Control & Permissions
Q: Can users control what Clairio does?
Yes. Every upload is explicit. Every recommendation is reviewable. Every output is in the UI for inspection before any human acts on it. There is no setting that causes Clairio to take action on your behalf without you clicking.
Q: Are there permissions or roles?
Workspace-level access today. Role-based permissions (admin, member, read-only) and SSO (SAML / OIDC) are on the roadmap for the Team and Enterprise tiers.
Q: Can I delete my data?
Yes. Email hello@clairio.ai and we will remove your workspace data within 7 days and confirm in writing. Self-serve deletion is on the GA roadmap.
Q: Are there approval gates?
Not today — every action is manual. When Clairio ships connectors that can push back to a CRM or billing system, those will be opt-in with per-action approval by default.

Integrations & Deployment
Q: What integrations does Clairio support?
Today: CSV upload and email. Next: Salesforce, HubSpot, Stripe, Chargebee, Snowflake, and BigQuery. Every connector is opt-in per workspace and every field mapping is visible before sync.
Q: Is there a private deployment option?
Planned. AWS Bedrock and IBM watsonx.ai deployments are on the roadmap for Enterprise, with IBM supporting true air-gap via Red Hat OpenShift. See the Private Deployment page for architecture detail.

Compliance Posture
Q: Is Clairio SOC 2 certified?
Not yet. SOC 2 Type I is on the roadmap for post-beta. The architecture is built to be SOC 2 compatible today — encryption at rest and in transit, least-privilege access, audit logging — and we will publish the report when the audit completes.
Q: GDPR and data residency?
Clairio supports EU data residency on request during the beta via Supabase regional hosting. A formal DPA is available — email us and we'll send it.
Q: What about audit logs?
Workspace-level activity logs are captured today and surfaced at GA. CloudTrail-native logging is included in AWS Bedrock private deployments when they ship; watsonx.governance covers the IBM path.
Limit: What we have not done yet.
We have not completed SOC 2, HIPAA, or FedRAMP certification. If your procurement process requires any of those before an evaluation, tell us — we'll share our timeline and you can decide whether to engage now or later.

Security questions we haven't answered?

Send them directly. If your security or compliance team needs a security review, a DPA, or a specific architectural walkthrough, we'll respond within one business day.
