Privacy and Security
Voir en françaisData handling, hosting boundaries, and security controls for Claira.
Privacy and Security
Law firms and enterprise teams handling sensitive documents need clear answers on where data is processed and what controls are enforced. This page summarizes the current Claira architecture and data-handling controls.
Deployment regions
Claira is deployed in two independent regions. Each customer's data stays within the region they use — there is no cross-region replication and no cross-region egress for customer content.
- Canada — Google Cloud
northamerica-northeast1(Montreal). Reached athttps://nuix-ca.claira.to. - Australia — Google Cloud
australia-southeast1(Sydney). Reached athttps://nuix-au.claira.to. The Australia deployment runs inside a Google Cloud Assured Workloads workload with the Australia Regions and Support control package, which enforces region pinning at the platform layer.
The URL your team uses determines the region you connect to. For media scan staging workflows, Claira additionally enforces a regional allowlist at the application layer before any file can be staged.
How Claira processes model requests
Claira can route model requests to configured providers, including Google Vertex AI and optional provider endpoints configured by your deployment team. Model endpoints are pinned to the deployment region (northamerica-northeast1 for Canada, australia-southeast1 for Australia).
Per-request processing flow
Each scan follows a request-response workflow:
- Claira sends document text (and, for a media scan, the document's source file) to the configured model endpoint in your deployment region.
- The model returns a response.
- The response is saved to your Nuix field.
Claira does not use your customer content to train Claira-owned models.
Data stored by Claira
Claira stores operational metadata needed to run and support the product, such as scan records, billing state, and case-scoped configuration. This metadata is stored in the Claira service database in your deployment region.
Media scan staging (when used) is encrypted with customer-managed encryption keys (CMEK) in Australia, encrypted with Google-managed keys in Canada, access-controlled, and deleted after processing.
External processors
Depending on enabled features, Claira may use external processors for specific functions:
- Model inference endpoints configured for your deployment.
- Payment processing through Stripe for billing workflows.
- Transactional messaging providers for operational and billing notifications.
Core security controls
Authentication and access
Claira runs as a Nuix Discover extension and validates signed UI extension authentication tokens on backend API routes.
Encryption
Traffic between clients, Claira services, and configured providers is encrypted in transit. Sensitive secrets are injected at runtime from managed secret stores. The Australia deployment additionally uses customer-managed encryption keys (CMEK) for the Cloud SQL database and the media scan staging bucket; the encryption keys are stored in the Australian region.
Auditability
Claira records operational and billing events to support audit and troubleshooting workflows.
Regulatory alignment
Australia
The Australia deployment is structured to align with the Australian Privacy Principles (APPs) and the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988. Region pinning and CMEK are enforced by Google Cloud Assured Workloads. This is regulatory alignment, not an explicit certification.
Canada
The Canada deployment keeps all customer content and operational metadata within Canadian Google Cloud regions.
Summary for client communications
- Claira is deployed in two regions: Canadian Google Cloud (
northamerica-northeast1) and Australian Google Cloud (australia-southeast1). Each customer's data stays in the region of their deployment. - API access is protected by signed Nuix extension tokens and claim checks.
- Customer content is processed per request and is not used to train Claira-owned models.
- Operational metadata is stored to support billing, troubleshooting, and audit requirements.
- Additional subprocessors may be used depending on your enabled features and deployment configuration.
Need help? Contact us at support@claira.to.
Was this page helpful?
Continue reading
How monthly invoice billing works
How Claira bills accounts on a monthly invoice, how mid-cycle plan changes are handled, and what happens when you cancel.
Opt-in controls for sensitive cases
How Claira's opt-in design at the case and user-group level lets administrators keep restricted matters out of AI processing entirely.