CLMSpace

Last updated: 23 May 2026

Security

Template under legal review. This document is a working draft and has not yet been reviewed by qualified counsel. It must not be published externally without review and should not be relied upon as legal advice.

Security is a first-class design constraint at CLMSpace. The platform sits in the document layer of legal teams in regulated sectors; a single cross-tenant leak would be an extinction-level event. We assume hostile conditions and defend in depth.

Where your data lives

  • Your contracts stay in your Microsoft 365 tenant. CLMSpace reads PDFs and DOCX files from SharePoint folders you bind in Settings. The source files never leave your tenant; we operate on them via Microsoft Graph using delegated permissions you control.
  • Per-tenant Dataverse environment. The structured obligation graph — agreements, obligations, citations, lifecycle events, playbook entries — is written to a Dataverse environment scoped to your organisation. Each customer is provisioned a separate environment; there is no shared schema.
  • Per-tenant configuration in Dataverse. Standards, clauses, SharePoint bindings, and tenant settings are stored in a dedicated rc_tenantconfigrow scoped to your tenant id, so a mis-scoped request fails closed rather than returning another tenant’s data.

Tenant isolation

  • Per-request tenant context. Every API call resolves a tenant_id from the bearer key or session, sets it as a Python contextvar, and every downstream Dataverse / Graph / Anthropic call inherits that scope. There is no global ambient state.
  • Per-tenant Azure AD app registration for Graph and Dataverse calls. Credentials are stored as Container Apps secrets, never in source.
  • Inference scope guards. Every Anthropic API call is tagged with the active tenant; retrieval, prompt fill, and tool-call arguments are validated against that scope. Mismatch raises an alert.
  • Verification gate as a control surface. AI-derived obligations and standards never become authoritative without a human decision. The Review Queue records who approved what and when, giving you a single auditable choke-point between extraction and the house view.
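The per-request tenant context described above, as an added sketch that is not CLMSpace's own code: a `contextvars.ContextVar` with no default carries the tenant, data access filters on it and fails closed, and two interleaved asyncio requests stay isolated. All names (`tenant_scope`, `load_config`, the keys and rows) are hypothetical and the sample data is constructed.

```python
import asyncio
import contextvars
from contextlib import contextmanager

# Hypothetical names throughout. No default: an unset variable means "no scope".
_tenant_id = contextvars.ContextVar("tenant_id")

class TenantScopeError(Exception):
    """No tenant scope is set, or the call targets another tenant."""

# Constructed sample data: bearer key -> tenant, and per-tenant config rows.
API_KEYS = {"key-alpha": "tenant-a", "key-beta": "tenant-b"}
CONFIG_ROWS = [{"tenant_id": "tenant-a", "binding": "/sites/legal-a"},
               {"tenant_id": "tenant-b", "binding": "/sites/legal-b"}]

@contextmanager
def tenant_scope(bearer_key):
    """Resolve the tenant from the bearer key and bind it for one request."""
    tenant = API_KEYS.get(bearer_key)
    if tenant is None:
        raise TenantScopeError("unknown bearer key")
    token = _tenant_id.set(tenant)
    try:
        yield tenant
    finally:
        _tenant_id.reset(token)  # scope never leaks into the next request

def current_tenant():
    try:
        return _tenant_id.get()
    except LookupError:
        raise TenantScopeError("no tenant context set") from None

def load_config(requested_tenant=None):
    """The row filter comes from the context, never from caller input alone."""
    active = current_tenant()
    if requested_tenant is not None and requested_tenant != active:
        raise TenantScopeError("request scope does not match active tenant")
    return [row for row in CONFIG_ROWS if row["tenant_id"] == active]

async def handle_request(bearer_key):
    with tenant_scope(bearer_key):
        await asyncio.sleep(0)  # yield so concurrent requests interleave
        return load_config()

def run_concurrent():
    """Run two tenants' requests concurrently; each task has its own context."""
    async def both():
        return await asyncio.gather(handle_request("key-alpha"),
                                    handle_request("key-beta"))
    return asyncio.run(both())
```
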

Encryption

  • TLS 1.3 in transit; HSTS preload on all hosts.
  • AES-256 at rest via Microsoft-managed keys (Azure Storage, Dataverse, SharePoint). Customer-managed keys (CMK) available on the enterprise plan.
  • Container Apps secrets encrypted at rest; rotation supported with zero-downtime revision rollover.

Authentication & access

  • Microsoft Entra ID (Azure AD) for both end-user authentication into the app and the platform’s own service-to-service tokens. Your own tenant’s identity boundary governs who can sign in.
  • SSO via SAML/OIDC through Entra ID; conditional access enforced by your tenant’s policy (MFA, device compliance, named locations).
  • MFA mandatory for all CLMSpace staff accounts; production access is break-glass only, time-bound, peer-approved, and recorded in Azure activity logs.
  • Admin-only mutations (standards PATCH, clause delete, bindings, tenant prefs) require the caller to be on the tenant’s admin list, which is checked on every request.

Model-provider controls

  • LLM inference goes directly to the Anthropic API, using our enterprise account with zero-retention terms. Your contract content is not retained beyond the request lifecycle and is not used to train models.
  • Two-model split for cost and quality: claude-haiku-4-5 for extraction, claude-sonnet-4-6 for consolidation and deviation analysis. Both run inside the same zero-retention contract.
  • The verification gate is the human checkpoint on every AI-derived fact; nothing the model produces flows into your authoritative house view without explicit user verification.

Citation grounding

Every extracted obligation is bound to a verbatim quote from the source PDF, plus a bounding-box co-ordinate that the citation viewer can use to highlight the exact sentence on the page. If the model can’t cite a passage, the obligation isn’t written. This is a correctness control, not just a UX feature.
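One way to enforce the "no citation, no obligation" rule, as an added example that is not CLMSpace's own code. It assumes the page text has already been extracted, tolerates whitespace differences from PDF line wrapping, and uses character offsets as a stand-in for the bounding box; function names and sample data are hypothetical and constructed.

```python
def normalise(text):
    """Collapse whitespace runs; return (text, map of new index -> original index)."""
    chars, index_map = [], []
    for i, ch in enumerate(text):
        if ch.isspace():
            if chars and chars[-1] != " ":
                chars.append(" ")
                index_map.append(i)
        else:
            chars.append(ch)
            index_map.append(i)
    return "".join(chars), index_map

def locate_quote(page_text, quote):
    """Return (start, end) offsets of the quote in page_text, or None."""
    norm_page, index_map = normalise(page_text)
    norm_quote = normalise(quote)[0].strip()
    if not norm_quote:
        return None  # an empty citation is never a citation
    pos = norm_page.find(norm_quote)
    if pos < 0:
        return None
    return index_map[pos], index_map[pos + len(norm_quote) - 1] + 1

def gate(page_text, candidates):
    """Split model output into obligations with a located quote and the rest."""
    accepted, rejected = [], []
    for ob in candidates:
        span = locate_quote(page_text, ob.get("quote", ""))
        if span is None:
            rejected.append(ob)  # not written: the quote is not in the source
        else:
            accepted.append({**ob, "span": span})
    return accepted, rejected

# Constructed sample: one page of extracted text and three model candidates.
PAGE = ("12.1 The Supplier shall deliver the Services\nwithin  30 days of the "
        "Effective Date.\n12.2 Either party may terminate on 90 days' notice.")
CANDIDATES = [
    {"summary": "Deliver within 30 days",
     "quote": "The Supplier shall deliver the Services within 30 days of the Effective Date."},
    {"summary": "Pay within 14 days", "quote": "The Customer shall pay within 14 days."},
    {"summary": "Uncited claim"},
]
```
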

Audit trail

  • Every lifecycle event on an agreement (extracted, confirmed, renewed, amended, terminated) is recorded as an immutable rc_lifecycleevent row with the timestamp and the user / process that triggered it.
  • Every obligation override is recorded as an rc_obligationedit row including the before / after values and the verifier.
  • Chat conversations with Ask CLMSpace are soft-deleted, never hard purged, so tenant admins retain visibility for audit.
  • Container App revisions are immutable; image digests are pinned and rollouts are recorded in Azure activity logs.

Data residency

  • UK South is the primary region for the Azure Container App runtime, ACR, and the Microsoft 365 / Dataverse tenant where most current customers operate.
  • For EU residency-constrained customers, the Dataverse environment can be provisioned in a Microsoft EU data centre at onboarding; inference traffic is routed to the corresponding Anthropic region where available.
  • Where a restricted transfer is unavoidable, the UK IDTA or EU SCCs are executed alongside the DPA and supplementary measures are applied per Schrems II guidance.

Software supply chain

  • Dependencies pinned and scanned; automated security updates on all repos.
  • Production deploys via Azure Container Registry; image digests are immutable per revision.
  • CI/CD via GitHub Actions with OIDC federation to Azure — no long-lived service-principal secrets in CI.
  • Container images built from a pinned Microsoft base, scanned, and digest-locked.

Incident response

We maintain a written incident-response plan with roles, paging rotation, forensics playbooks, and communication templates. Confirmed personal-data breaches are notified to affected customers without undue delay and in any event within 72 hours, in line with UK GDPR Article 33.

Attestations

  • The platform inherits the security posture of Microsoft Azure (ISO 27001, SOC 2 Type 2, ISO 27017, ISO 27018), Microsoft 365 (same plus the Microsoft 365 Compliance Manager controls), and the Anthropic enterprise contract (SOC 2 Type 2). Customers can request the underlying attestations from the relevant provider.
  • CLMSpace-level SOC 2 Type 1 is in scope, targeted for 2026; ISO 27001 under consideration for 2027.

Responsible disclosure

If you believe you’ve found a vulnerability, email security@clmspace.com. Please do not access other customers’ data or disrupt the Service. We commit to acknowledging within 2 business days and to keeping reporters informed through triage, fix, and coordinated disclosure.