Security & Data Protection Features

Clear Ideas uses multiple layers of encryption: AES-256 encryption for data at rest, TLS/SSL for all data in transit, and application-level encryption for extracted content. Encryption keys are managed in a secure key management service with periodic rotation. All content is encrypted before storage, making it unreadable to Clear Ideas staff or systems.

Application-level encryption means all extracted document content is encrypted at the application layer before storage. Clear Ideas can perform vector search on encrypted data without exposing document content in plaintext to Clear Ideas administrators. File titles can remain available for fast filename matching, while document contents stay encrypted and inaccessible even to Clear Ideas staff.

Clear Ideas provides six distinct user roles with specific capabilities: Owner (full control), Admin (manage settings and users), Editor (modify all content), Uploader (contribute new files), Downloader (view and save offline), and Viewer (read-only, no downloads). Permissions are site-scoped, meaning users have different roles on different sites. This granular control ensures the principle of least privilege.

Yes, this is a core security feature. Viewers have read-only access to documents in-app without download capabilities. Downloaders can view and save files offline. This distinction is critical for VDR scenarios where you want external parties to review documents but limit their ability to retain copies. In-app viewing keeps content within the secure environment.

Enable 2FA in Settings > Security. Use any authenticator app (Google Authenticator, Authy, 1Password) to scan a QR code or manually enter the secret. After setup, you receive single-use backup codes for emergency access—store these securely offline. Best practice: require 2FA for all administrator accounts and regularly review Active Sessions to revoke unfamiliar devices.

Access Keys enable secure API, MCP, webhook, and public chat widget integrations. Create keys in Settings > Access Keys with specific scopes and optional expiration dates. Each key is shown only once after creation—store securely like passwords. Track key status (active, expired, revoked), last used time, and immediately revoke compromised keys. Regular rotation is recommended for security.

Dynamic watermarks automatically embed viewer-specific information (name, email, date, time) on PDFs. Each user and viewing session produces unique watermarks, making documents traceable if leaked. Configure watermark visibility by role—site owners can exempt themselves while ensuring external stakeholders (Downloaders, Viewers) receive watermarked versions. This deters unauthorized sharing and enables precise leak tracking.

Watermarking deters sharing by making documents traceable to the viewer. PDF redaction is used when certain users should only see a removed or obscured version of sensitive content. In Clear Ideas, finalized redactions can also affect the representation used for extracted text, AI summaries, search, and AI Chat for restricted roles.

Audit trails record user actions including document access, downloads, permission changes, user invitations, content uploads, deletions, AI chat conversations, workflow executions, search queries, and system configuration changes. Each entry includes timestamp, user identification, IP address, action type, and affected resources. Audit logs are immutable and exportable for compliance requirements.

Each Clear Ideas Site operates as an isolated security boundary with its own users, permissions, and content. Users cannot access content from Sites they are not authorized for, even if they have Clear Ideas accounts. Governed Agents and searches respect Site boundaries: users only retrieve data from Sites they can access. This supports multi-client or multi-project deployments with separate Site records.

Yes, Settings > Active Sessions shows all your current login sessions with device type, location, and last activity. Revoke individual sessions immediately if you notice unfamiliar devices or suspicious activity. This is especially useful after device loss or suspected account compromise.

Clear Ideas does not allow customer data sent to AI model providers to be used for model training. Your private data is sent only to process your specific request, only the minimum necessary context is shared, and provider-side handling is limited to secure processing and abuse monitoring controls. Your full dataset never leaves the secure Clear Ideas environment, and all transmissions are encrypted.

Clear Ideas uses AES-256 encryption, TLS/SSL for transmissions, role-based access control, audit logging, and regular security assessments. For current compliance information and detailed security documentation, contact our security team at security@clearideas.com or consult the Security Approach overview.