ClearFoxYour data stays on
your servers
ClearFox is self-hosted. Your business data is queried in real time and never stored outside your infrastructure. You choose the AI model — cloud API or fully local. Here's how we keep it safe.
Data flow diagram
What stays inside your network vs. what goes outside
SSO login, chat interface
Auth, RBAC, chat, limits
30+ isolated containers
Receives question context + tool results. Never raw data dumps. Not used for training. Your API key, your data processing terms.
Runs on your GPU hardware. Nothing crosses the network boundary. Full air-gap support.
Protection against data leaks
Your business data never leaves your infrastructure. Here's how each layer ensures that.
Fully self-hosted
Runs as Docker containers on your own servers. No cloud SaaS, no shared infrastructure, no third-party data processing.
Network isolation
MCP connectors run in an isolated Docker network. They talk only to the ClearFox portal — never to the outside internet.
No data storage
Business data is queried in real time and never cached or stored. Chat history is saved in your local MongoDB — not on our servers.
AI response filtering
Built-in filters prevent the AI from exposing SQL queries, table names, code snippets, or internal system details in responses.
Controlled actions
Connectors can read data and perform actions (create tickets, send messages, open MRs). You define exactly which actions are allowed per role.
Your own API keys
For cloud models, you bring your own Anthropic or OpenAI key — ClearFox never sees it. For local models, no external keys needed at all.
Protection against unauthorized internal access
Not every team member should see every data source. ClearFox has granular controls to ensure people only access what they're authorized to see.
Role-based access control
SSO authentication
Microsoft 365 and Google OAuth. Users log in with their corporate account. No separate passwords to manage.
Domain restriction
Only email addresses from your corporate domain can sign up. Each new user must be approved by an admin.
Custom AI prompts per role
Each role gets a custom system prompt that shapes how the AI responds. Finance gets financial context, engineering gets technical context.
Audit trail
Every question and response is logged in your local database. Admins can review what data was accessed and by whom.
Per-user usage limits
Set monthly token budgets per user. Track usage by model. No surprise bills, fair resource allocation.
Admin approval workflow
New users need admin approval before they can access the system. Revoke access instantly when needed.
ClearFox vs. cloud AI tools
Why self-hosted AI is the only option for sensitive business data.
| Feature | ClearFox | Cloud AI |
|---|---|---|
| Data stays on your servers | ||
| No vendor has access to your data | ||
| Role-based data access | Partial | |
| Works with your existing SSO | Partial | |
| Choose cloud or local AI model | ||
| Audit trail in your database | ||
| No internet required for data queries | ||
| Custom AI behavior per role |
Built for European data protection standards
ClearFox's self-hosted architecture is inherently GDPR-friendly. Your company is the data controller — we are not a data processor for your business data.
Your company = Data Controller
All user data, chat history, and business data stays in your MongoDB on your infrastructure. You manage the full data lifecycle — creation, retention, deletion.
ClearFox = Software vendor
We provide the software as Docker images. We have no access to your data, API keys, or user information. The only data we receive is your license key for validation.
EU-hosted infrastructure
Our OAuth proxy and license server run on Hetzner in Germany (EU). No customer data is transferred outside the EU by our services.
Full air-gap option
Use local AI models (Ollama, vLLM) and self-host the OAuth proxy to eliminate all external data transfers. ClearFox works fully air-gapped.
ISO 27001:2022 aligned
ClearFox implements technical security controls aligned with ISO 27001:2022 Annex A, covering access control, cryptography, operations security, and secure development.
Access control & authentication
Role-based access control, SSO via Microsoft 365 / Google, password policy (complexity + change flow), invite-only registration.
Secure authentication
Session idle timeout (30 min), absolute session expiry (24 h), brute-force protection with rate limiting on login and registration.
Logging & monitoring
Structured audit log of all security events — logins, admin changes, role updates. Searchable in the Admin UI with filters and export.
Cryptography
All secrets (API keys, OAuth credentials) encrypted at rest with AES-256-GCM. TLS enforced via reverse proxy. Passwords hashed with bcrypt.
Secure development
Automated dependency scanning (Dependabot + npm audit), Content-Security-Policy headers, CI pipeline with security checks.
Security headers
CSP, X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy. HSTS via reverse proxy (Caddy auto-provisions TLS).
Note: “ISO 27001 aligned” means ClearFox implements the technical controls described in Annex A. It does not imply formal ISO 27001 certification of ClearFox as a company. Certification requires an ISMS audit by an accredited body.
How integrations connect securely
ClearFox uses a lightweight OAuth proxy so you can connect Jira, Google, Notion, and 30+ tools in one click — without creating API keys or registering OAuth apps yourself.
Read the full OAuth & GDPR deep diveStop discovering problems in meetings
Let ClearFox surface risks, explain context, and create actions — every morning, before your first coffee. Any question answered in seconds. Deployed on your servers.