// Trust & Security Report
Clari Inc. (merged with Salesloft, Inc., December 2025; combined entity operating as Salesloft)
Wingman (rebranded 'Clari Copilot') is the conversation intelligence module of the Clari revenue platform: call recording/transcription, real-time battlecards, objection-handling prompts, and CRM auto-update from call content. It feeds signals into Clari's broader forecasting/Revenue AI suite. Clari and Salesloft completed a merger in December 2025; the two companies' trust/compliance infrastructure is being consolidated (Clari's assurance.clari.com now redirects to trust.salesloft.com).
Certifications held
5
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on clari.com“Clari successfully completed its Service Organization Control (SOC 2) Type II examination with zero exceptions. This independent audit conducted by A-LIGN validates that Clari's security practices and controls meet the American Institute of Certified Public Accountants (AICPA) Trust Service Principles and Criteria for System and Organization Control.”
Verify on clari.com“ISO/IEC 27701 - Privacy Information Management System (PIMS)”
Verify on clari.com“Clari is committed to partnering with its customers and users to ensure that Clari is fully compliant with the requirements of GDPR. ... To comply with EU data protection laws around international data transfer mechanisms, Clari utilizes the European Union Model Clauses, also known as Standard Contractual Clauses.”
Verify on clari.com“CSA - Cloud Security Alliance (listed under 'Compliance Certificates and Attestations')”
> Show 4 unconfirmed / not-held certifications
source: clari.comThe Services are not intended to comply with HIPAA, and Clari is not a Business Associate under HIPAA. 'Prohibited Data' means (a) patient, medical or other Protected Health Information (PHI) governed by the Health Insurance Portability and Accountability Act (HIPAA)... Customers agree not to submit any Prohibited Data to the Services.
source: clari.comNo ISO/IEC 42001 badge or claim found on clari.com/security, the Assurance Center, or press releases as of this review. Not confirmed.
source: clari.comNo public evidence of PCI DSS certification on clari.com/security or the Assurance Center. Third-party aggregator sites (not the vendor) list 'PCI' among Clari's compliance claims, but no vendor-domain proof was found; graded not held pending vendor confirmation.
source: clari.comNo public evidence of a FedRAMP authorization on clari.com or the FedRAMP Marketplace search. Third-party review-aggregator sites mention 'FedRamp' but this is not corroborated on the vendor's own domain.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
US-headquartered (Clari, Inc., Sunnyvale, CA), hosted on AWS/GCP/Azure per GDPR page. Cross-border EU/UK/Swiss transfers use Standard Contractual Clauses / Data Privacy Framework. Clari lists an EU representative at Długa 72, 31-147 Kraków, Poland.
Clari's privacy policy states: 'Clari does not use, or allow our vendors to use, the data collected through these interactions to train or improve any AI models.' The Data Processing Addendum (dpa/2025-06-01) does not separately address AI training but restricts data use to purposes under the agreement and customer instructions. Clari's security page notes AI usage in its products is further governed by an 'AI Addendum' referenced in customer contracts, which was not publicly viewable in this review (contract-gated). No tier-specific training opt-out was found because the base policy states no training occurs at all; this should be re-verified directly with the vendor for enterprise contracts, especially post-merger with Salesloft.
// Security controls
Encryption in transit and at rest
Security program states controls 'Including encryption at rest and in transit, network security, administrative access control, systems monitoring, logging, alerting, and more.'
clari.comIndependent audits
Clari undergoes independent third-party audits to validate and certify security, data privacy, and compliance controls (SOC 2 Type II audited by A-LIGN).
clari.comStatus/uptime transparency
Real-time operational status and reliability visibility published at trust.clari.com.
clari.comVulnerability disclosure program
Clari engages with the security research community through a vulnerability disclosure program.
clari.comCall-recording consent controls (Wingman/Copilot specific)
Copilot enforces two-party consent handling: calls to phone numbers in two-party consent states/regions are never recorded regardless of user settings; offers active consent pages, email consent, and audio consent options before recording begins.
clari.my.site.comHIPAA / PHI restriction
Product is explicitly not intended for HIPAA-regulated data; customers are contractually prohibited from submitting PHI/'Prohibited Data'.
clari.com// Products & data scope
data: Call/meeting audio, transcripts, CRM field updates derived from conversations.
Originally standalone 'Wingman', acquired by Clari in 2022 and rebranded 'Clari Copilot'. This is the product actually referenced by the AIFOXX listing slug 'wingman-clari'.
data: CRM, pipeline, and activity data across sales org; combined with Copilot conversation signals.
Core Clari product that Copilot/Wingman signals feed into.
data: Outbound sequencing, engagement tracking; separate legacy conversation-intelligence tooling from Salesloft also exists post-merger.
Clari and Salesloft completed a merger in December 2025 to form a combined 'Predictive Revenue System'; the two companies currently run two separate conversation-intelligence systems (Copilot and Salesloft's own) pending platform consolidation. Buyers should confirm which entity's trust documentation currently governs a given product at time of purchase.
// What to watch
- This is NOT the sales conversation-intelligence 'Wingman' acquired by Clari. The correct vendor is 'Wingman by Clari' / 'Clari Copilot', found at trywingman.com and clari.com.
- HOST/MERGER TRANSITION: Clari and Salesloft merged in December 2025. Clari's Assurance Center (assurance.clari.com) now redirects to trust.salesloft.com, so the long-term home of Clari's compliance documentation is in flux. Re-verify trust center URL and certification scope at next review.
- THIRD-PARTY OVER-CLAIM CONTRADICTED BY VENDOR'S OWN CONTRACT: multiple third-party review/security-aggregator sites (not Clari itself) describe Clari as 'HIPAA compliant' and list 'PCI' and 'FedRamp'. Clari's own Master Subscription Agreement explicitly states the Services are 'not intended to comply with HIPAA' and that Clari is 'not a Business Associate under HIPAA', and no PCI DSS or FedRAMP badge appears on Clari's own security page. Do not list Clari as HIPAA/PCI/FedRAMP compliant based on third-party aggregators alone.
- trywingman.com could not be reached directly for this review (TLS handshake error on repeated attempts); its 'SOC 2 Type 1' blog post title suggests Wingman may have first attained a SOC 2 Type I as a standalone company before Clari's acquisition, prior to inheriting Clari's SOC 2 Type II. Not independently confirmed in this pass.
- AI Addendum referenced on clari.com governs AI-specific data use in customer contracts but was not publicly viewable (contract-gated); the 'no AI training on customer data' claim is sourced from the public privacy policy, not the AI Addendum itself.
// At a glance
Pricing model
SaaS subscription, per-seat/tiered enterprise pricing; not publicly published, requires sales contact.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Clari Inc. (merged with Salesloft, Inc., December 2025; combined entity operating as Salesloft)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.clari.com