How ClaroArc Handles
Your Building's Data

Operational data only. Logically isolated. Human override on every automated action.

What Data We Touch and What We Don't

ClaroArc reads operational building data only: HVAC system signals, energy meter readings, occupancy sensor counts, and BMS data points.

We do not collect, store, or process personal data of building occupants or employees as part of the core platform: no names, no individual identities, no behavioral tracking of people.

Where a client integration requires limited business contact information (for example, a facility manager's email for alerts), this is treated as standard business data, not personal data requiring special handling.

Your Building's Data Stays Yours

Each building's data is logically isolated within our platform.

Insights, recommendations, and optimization models generated from one building's data are never used to train or improve outcomes for another customer's building.

Your operational data is used exclusively to optimize your own facility. It does not leave that boundary.

You Stay in Control

ClaroArc's AI layer operates as a recommendation and visibility tool first. Any automated control action is configurable with human override. Your facility team retains final authority over what executes on your building systems.

No AI-generated action bypasses your existing BMS access controls or operator approvals.

Technical Controls

  • Data encrypted in transit and at rest
  • Role-based access control: only authorized ClaroArc personnel can access client data, scoped to operational need
  • Cloud infrastructure hosted on industry-standard providers
  • Non-invasive integration: ClaroArc sits atop your existing BMS/HVAC infrastructure without requiring hardware replacement or root-level system access

Regulatory Alignment

ClaroArc operates as a Data Processor under India's Digital Personal Data Protection Act, 2023 (DPDP) and aligns its data handling practices accordingly, including purpose limitation and data minimization.

A standard Data Processing Agreement (DPA) is available for review and execution alongside any pilot or service agreement.

Read our full Privacy Policy →

Where We're Headed

As an early-stage platform, formal third-party certifications (ISO 27001, SOC 2) are on our roadmap as we scale beyond pilot deployments, consistent with standard timelines for early-stage SaaS companies.

We're happy to walk any prospective client's IT or security team through our current architecture and controls in detail before pilot kickoff.

Questions about security or data handling? Email us at security@claroarc.com. We aim to respond within 2 business days.