Demo Site — Mock experience for presentation purposes only
05 · Trust, Security & Compliance

Security controls designed for regulated legal operations.

This page outlines the practical control posture behind the intake operating system: governance boundaries, data handling defaults, provider safeguards, and audit-ready operations.

SOC 2: Control Framework
ZDR: Provider Processing
24/7: Operational Coverage

Security Control Posture

SOC 2 audited controls and HIPAA-aligned safeguards for regulated legal workflows.

Trust Boundary Snapshot

Client systems own source records and business decisions. Clarm operates application controls, auditability, and policy enforcement. Model providers process inference requests under configured retention constraints. Outcome: clear boundary ownership for procurement and incident response.

Certifications & Compliance

SOC 2 Type II: Independently audited control design and operation with report-backed verification.
HIPAA: Controls and safeguards designed for sensitive legal and health-adjacent workflows.

Data Handling

Zero Data Retention (ZDR): Model-provider inference paths are configured for zero retention where available. Customer data is excluded from model training by default.
Data Residency Options: Configurable residency and deployment choices for jurisdictional requirements.
On-Prem Deployment Option: Dedicated deployment path for customers requiring heightened operational control.
Retention & Deletion Defaults: Operational logs and metadata follow policy-based retention windows with controlled deletion workflows and legal hold support.
Tenant Isolation Model: Tenant-level logical isolation, scoped access boundaries, and encryption controls segmented by environment.

ZDR Model Providers

OpenAI: Configured with zero data retention for model-provider processing paths.
Anthropic: Configured with zero data retention for model-provider processing paths.

Provider boundary note: ZDR statements apply to configured model inference paths. Platform telemetry and support logs are governed by platform retention policy.

Security Features

Access Controls

Role-based access control — Granular permissions mapped to operational roles
Audit logging — Immutable event records (actor, action, timestamp, context) with export support

Incident Response & Escalation

Severity-based incident workflow with customer notification targets, documented escalation paths, and audit-ready post-incident reporting for security and legal stakeholders.

Audit Logging & Evidence

Evidence pack availability includes SOC 2 reports, security questionnaires, subprocessors, and control mappings used in procurement review cycles.

Procurement artifacts and detailed security documentation: compliance.clarm.com