Trust & Compliance

Confidentiality Policy

Cleran Technology commits to safeguarding every piece of information shared with us—commercial strategies, source code, infrastructure diagrams, customer data, and internal processes. This policy explains how we protect it.

1. Scope & Commitment

We treat confidentiality as a core delivery principle. All engagements—consulting, development, QA, automation—are covered by binding confidentiality clauses, non-disclosure agreements (NDAs), and strict information-handling procedures.

  • Applicable to prospects, clients, partners, and subcontractors
  • Enforced via Master Service Agreements (MSA), Statements of Work (SoW), and NDAs
  • Covers any intellectual property, data, credentials, or materials shared

2. Information Classification

We classify information received from clients to define handling rules:

  • Highly Confidential: Source code, architecture diagrams, security configurations, production data
  • Confidential: Business plans, pricing structures, product roadmaps, test plans
  • Internal Use: Project documentation, meeting notes, work-in-progress artifacts

Each category has defined retention, storage, and sharing rules to minimize exposure.

3. Access Control & Storage

Access is limited to authorized team members strictly on a need-to-know basis.

  • SSO & MFA: Secure access to all project systems
  • Least Privilege: Role-based permissions per workspace
  • Encrypted Storage: Client assets stored in encrypted drives/vaults
  • Audit Logs: Activity logs maintained for critical systems

4. Secure Delivery Practices

We align delivery workflows with security and confidentiality controls:

  • Use of private Git repositories, encrypted file-sharing, and secured CI/CD pipelines
  • Secrets stored in client-managed vaults (AWS Secrets Manager, Azure Key Vault, 1Password)
  • VPN or zero-trust network access for sensitive environments
  • Test data anonymization and masking when working with production-like datasets

5. Third-Party & Vendor Management

When subcontractors or tooling vendors are involved:

  • All third parties sign NDAs and adhere to the same security controls
  • Vendors are evaluated for compliance (ISO 27001, SOC 2) when handling client data
  • Access is time-bound and revoked immediately after the engagement

6. Incident Response & Breach Notification

Any suspected confidentiality breach triggers our incident response playbook:

  1. Immediate containment and isolation of affected systems
  2. Internal assessment to confirm scope and impact
  3. Client notification within contractually agreed timelines
  4. Joint remediation plan and post-incident review

7. Data Retention & Destruction

At project completion or upon request:

  • All assets are handed over to the client through secure channels
  • Local copies and backups are securely wiped following NIST 800-88 guidelines
  • We can provide destruction certificates or logs if required

8. Employee & Partner Obligations

All team members are bound by:

  • Employment contracts with confidentiality clauses
  • Initial and periodic security awareness training
  • Zero tolerance for unauthorized sharing or misuse of information

9. Contact & Questions

If you need a custom confidentiality clause or security questionnaire, or have concerns about information handling, contact our compliance lead:

Email: info@clerantechnology.cloud

Phone: (+34) 625 469 595

Business hours: Monday–Friday, 09:00–18:00 CET