// Trust & Security Report

    Clari Inc. logo

    Clari Inc.

    Enterprise Revenue Orchestration platform with AI agents, sales engagement, forecasting, and pipeline management; includes Clari Copilot (AI assistant), Align, and Groove products

    Certifications held

    5

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    Achieving SOC 2 Type II with zero exemptions reinforces Clari's focus on information security and validates Clari's commitment to protecting all customer data in accordance with stringent industry standards and best practices. Undergoes an annual SOC 2 type II audit with the report available in Clari's security portal.

    Verify on clari.com
    ISO/IEC 27001 (Information Security Management System)
    HELD

    Clari received ISO 27001 accreditation for its information security management system (ISMS)... certification was awarded by the International Standard Organisation (ISO)... BSI Group, a standards certification leader, conducted the independent audit. Clari maintains the certification through annual audits by an accredited certification body.

    Verify on clari.com
    ISO/IEC 27701 (Privacy Information Management System)
    HELD

    ISO/IEC 27701 - Privacy Information Management System (PIMS). Clari undergoes independent third-party audits to validate and certify security, data privacy, and compliance controls.

    Verify on clari.com
    GDPR Compliance
    HELD

    Clari is committed to partnering with its customers and users to ensure that Clari is fully compliant with the requirements of GDPR. To comply with EU data protection laws around international data transfer mechanisms, Clari utilizes the European Union Model Clauses, also known as Standard Contractual Clauses, to meet adequacy and security requirements for customers who operate in the EU.

    Verify on clari.com
    Skyhigh CloudTrust Enterprise-Ready Rating
    HELD

    Clari received the enterprise-ready classification, meaning its sales execution platform fully satisfies the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. Validates Clari's commitment to security through independent assessment using Cloud Security Alliance (CSA) criteria.

    Verify on clari.com
    > Show 3 unconfirmed / not-held certifications
    HIPAA Compliance
    NOT CONFIRMED

    The Services are not intended to comply with HIPAA, and Clari is not a Business Associate under HIPAA. Prohibited Data includes: patient, medical or other Protected Health Information (PHI) governed by the Health Insurance Portability and Accountability Act (HIPAA). Clari has no liability for Prohibited Data.

    source: clari.com
    CSA STAR Certification
    NOT CONFIRMED

    Security page mentions CSA but no STAR certification found. Clari received Skyhigh CloudTrust Enterprise-Ready rating (CSA criteria-based evaluation), but this is not the same as CSA STAR certification.

    source: clari.com
    ISO/IEC 42001 (AI Governance Management System)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification found on vendor domain or official security pages.

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    United States (primary hosting)

    Clari explicitly states: 'Clari does not use, or allow our vendors to use, the data collected through these interactions to train or improve any AI models' for website, chatbot, and recruitment data. However, the Copilot (product AI agent) Terms of Service do not explicitly address whether conversation data from the platform is used for model training. This represents an information gap for the AI product itself.

    // Security controls

    Encryption in transit

    Supported - standard for all enterprise SaaS

    clari.com

    Data residency

    US-based data centers

    Third-party data transfers

    Clari and sub-processors may transfer, store, and process Customer Data in locations other than Customer's country to the extent needed to provide the service

    clari.com

    Data deletion on termination

    Customer data handled per Data Processing Addendum

    clari.com

    Sub-processor disclosure

    Clari maintains published list of sub-processors and requires GDPR compliance through Master Service Agreements

    clari.com

    Breach notification

    72-hour notification within GDPR framework

    clari.com

    Chief Security Officer

    Steve Gentry appointed as Chief Security Officer

    clari.com

    // Products & data scope

    Clari Revenue PlatformRevenue Intelligence & Orchestration

    data: Sales pipeline data, email/calendar metadata, CRM data, conversation data

    Core platform managing 5T in revenue for 1,500+ customers. Handles customer relationship management, forecasting, and pipeline analytics.

    Clari CopilotAI Agents & Automation

    data: Call recordings, meeting data, deal context, conversation metadata

    AI agent for conversation intelligence and coaching. Integrates with Zoom, Google Meet, Microsoft Teams. Terms of Service do not explicitly address whether conversation data is used for model training.

    AlignSales Engagement

    data: Sales workflow automation data

    Sales engagement and prospecting product. Operating status reported as 100% uptime over 90 days.

    GrooveSales Tools

    data: Sales execution data

    Sales execution platform component. Operating status reported as 100% uptime over 90 days.

    // What to watch

    • HIPAA regression: Earlier press materials reference HIPAA compliance, but the current MSA (2025-07-01) explicitly states 'The Services are not intended to comply with HIPAA.' Customers cannot submit patient or medical information. This represents a change in vendor posture that should be clarified.
    • AI training ambiguity for Copilot: While Clari clearly states it does not train on website/recruitment data, the Copilot product's Terms of Service do not explicitly address whether conversation data, call recordings, or other product interactions are used for AI model training or improvement. This should be verified directly with vendor for product data handling.
    • CSA vs STAR distinction: Security page mentions Cloud Security Alliance (CSA) but does not claim CSA STAR certification specifically. The vendor has Skyhigh CloudTrust rating (which uses CSA criteria) but this is distinct from CSA STAR.
    • No ISO 42001 evidence: No public evidence of ISO/IEC 42001 (AI Governance) certification found, despite AI being a core feature. This is an emerging standard and may not yet be pursued by vendor.

    // At a glance

    Pricing model

    Per-user subscription SaaS model (not publicly specified on free tier basis)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Clari Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-06. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    assurance.clari.com

    > Browse all vendor trust reports