Security Overview
How does clariBI protect your data? This overview covers authentication, encryption, access control, and data handling practices.
Authentication
clariBI uses secure token-based authentication for all requests. Tokens are short-lived and automatically refreshed.
- Password requirements: minimum 8 characters
- Multi-factor authentication (MFA): TOTP-based, using authenticator apps like Google Authenticator or Authy (Professional+ plans)
- Session management: configurable session timeouts, ability to view and revoke active sessions
Access Control
clariBI uses a 5-tier role-based access control (RBAC) system:
| Role | Permissions | Description |
|---|---|---|
| Owner | 35 | Full access including billing and security settings |
| Administrator | 29 | Broad access, limited billing/security |
| Analyst | 14 | Analytics and reporting focus |
| Member | 8 | Standard access (default for new users) |
| Viewer | 6 | Read-only access |
See RBAC Details for the full permission matrix.
Data Encryption
- In transit: all connections use HTTPS/TLS. Database connections support SSL.
- At rest: database credentials and API keys are stored encrypted.
- AI processing: data sent to the AI processing service uses encrypted connections. See AI Limitations for data handling details.
Audit Logging
clariBI logs user actions for accountability and compliance:
- Login and logout events
- Data source connections and disconnections
- Report generation and export
- Dashboard creation and sharing
- Role changes and user invitations
- Settings changes
Audit logs are available on Professional+ plans. See Audit Logs.
API Keys
For programmatic access, generate API keys from Settings > Developer > API Keys. Keys can be given a name, description, and optional expiry date. See API Authentication.