Frequently Asked Questions

We’ve gathered the most frequently asked questions about Cleardox so you can quickly get an overview of features, security, integrations, and pricing. If you can’t find what you’re looking for, you’re always welcome to contact us.

All Your Questions, Answered

Product Overview
AI & Technology
Security & Compliance
Integrations & Setup
Pricing
How does Cleardox work?

Cleardox automatically detects and helps remove personal and sensitive information in documents using a combination of machine learning and rule-based detection. The tool is assisted and always requires user review before finalizing results.

What categories of sensitive data can Cleardox detect?

Cleardox can detect sensitive and personal data across 20+ categories, including names, email addresses, phone numbers, addresses, SSN numbers, company information, dates, account numbers, authorization IDs, and geographic data such as regions and municipalities.

The tool also identifies additional sensitive content such as financial data, license plates, titles, and confidential information across documents.

Which languages does Cleardox support?

Cleardox supports all languages, although accuracy may vary depending on language complexity and available training data.

Which OCR technology does Cleardox use?

Cleardox uses an open-source OCR engine (Optical Character Recognition), specifically Tesseract. OCR processing runs automatically. Cleardox detects whether a document already contains machine-readable text. If not, OCR is applied automatically.

What are the technical requirements for running Cleardox?

Cleardox runs on Linux servers and requires a separate PostgreSQL database.

Resource allocation depends on deployment size, but we recommend at least:

  • 16GB RAM for both application and database servers
  • Minimum 4 CPU cores
  • CPU support for AVX512 instructions (for optimal performance), or alternatively a connected NVIDIA GPU
How does case sharing work in Cleardox?

Users can share cases internally with colleagues as either viewers or editors. External sharing can be enabled with additional security controls.

What are the support response times?

Standard business hours: 09:00–17:00 CET.

Support requests are prioritized based on impact (P1–P4):

  • P1: within 1 hour
  • P2: within 2 hours
  • P3: within 4 hours
  • P4: same business day
Is support available on banking holidays?

Yes. A technical on-call setup is available during Danish banking holidays (based on our headquarters in Copenhagen), with adjusted response times.

  • P1: within 2 hours
  • P2: within 8 hours
  • P3 & P4: next business day
How is support access to customer data handled?

Support access is strictly limited to authorized personnel only. Documents are transferred securely, and support staff have read-only access with no ability to modify data.

What does it mean that Cleardox generates a new PDF?

When a document is uploaded (regardless of format), Cleardox automatically creates a new PDF version during processing.

This ensures that redactions are permanent (non-reversible) and that full control over metadata and sensitive content is maintained.

Does Cleardox have an API?

Yes. Cleardox provides an API that allows integration with external systems. Through the API, you can upload documents, retrieve anonymized/redacted documents, and return processed files back into your systems. This makes it easy to integrate Cleardox into existing workflows.

Does Cleardox use customer data to train AI models?

No. Customer data is not used for training or continuous model retraining unless explicitly agreed in writing. Data is only used for processing and anonymization/redaction of documents. When using the banlist feature, no customer data is stored.

What technology does Cleardox use to detect sensitive information?

Cleardox uses a combination of rule-based detection and machine learning-based Named Entity Recognition. These methods can be used separately or together to maximize coverage.

Does Cleardox use generative AI or large language models (LLMs)?

No. Cleardox uses machine learning strictly for classification and extraction, not for generating text. This improves predictability and security.

Is Cleardox vulnerable to prompt injection or jailbreak attacks?

No. Since Cleardox does not accept prompts or generate text, it is not exposed to prompt injection or jailbreak-style attacks.

What machine learning models does Cleardox use?

Cleardox uses transformer-based models for named entity recognition that are trained on openly licensed and proprietary Cleardox datasets.

How accurate is Cleardox' AI?

Accuracy depends on category and document quality. Cleardox is optimized for high recall to minimize the risk of missing sensitive information.

How does Cleardox detect CPR numbers and similar identifiers?

CPR numbers are detected using rule-based patterns, including validation of date structures, which provides very high accuracy.

Can machine learning be disabled in Cleardox?

Yes. Machine learning can be disabled in specific configurations, for example to improve performance or meet special compliance requirements.

Does Cleardox use open-source technologies?

Yes. Cleardox is built using several open-source technologies as part of its software stack.
A full list of used libraries and licenses can be provided upon request.

Where is Cleardox hosted?

Cleardox is hosted exclusively on European servers. There are no third-country data transfers.

How does Cleardox protect customer data?

All customer data is encrypted both in transit and at rest. Access is strictly controlled using role-based permissions.

Does Cleardox support Single Sign-On (SSO)?

Yes. Cleardox supports Single Sign-On via standard technologies such as SAML, OAuth, and LDAP, typically integrated with Active Directory.

How are user roles and permissions managed?

Cleardox supports both administrator and user roles. Permissions are typically managed via Active Directory or directly within Cleardox.

Can administrators access other users’ cases?

By default, administrators cannot access other users’ active cases. This can be configured if required.

What administrative features are available in Cleardox?

As an admin user, you have access to a range of additional features. These primarily include the ability to create, share, and maintain shared categories, exhibit stamps, templates, and header and footer templates.

How does Cleardox handle multi-factor authentication (MFA)?

Multi-factor authentication is typically handled via the customer’s identity provider, such as Microsoft Entra ID, or via Cleardox’s own supported OTP.

Can Cleardox be deployed on-premise?

Yes. Cleardox can be delivered as an on-premise installation or as a dedicated isolated instance.

How does Cleardox monitor security and detect threats?

Cleardox uses runtime threat detection, infrastructure monitoring, and centralized logging to detect and respond to security incidents.

How long are log files stored?

Log files are stored for 1 year and are then automatically deleted.

Where are encryption keys (KEK) stored?

Cleardox uses an application-managed secret service rather than a hardware HSM or cloud KMS. The KEK is held in an encrypted secrets file (secrets.txt) that is loaded into the secret service at startup. The file is protected by AES-256 encryption with a password-derived key (using PBKDF2), and each entry is HMAC-SHA256 checksummed for integrity. The secret service runs as an isolated container in the cluster with the secrets file mounted as a volume. The password to unlock the file is supplied at service startup via an environment variable and is not persisted to disk.

Who can access the KEK management service?

Access to the secret service is restricted at two layers:

  • Network layer: The service is not exposed publicly. It is reachable only from within the internal network, on a private port.
  • Transport layer: The service uses mutual TLS (mTLS). Clients must present a valid certificate signed by the internal CA to establish a connection. Only the Cleardox backend application holds such a certificate, it is generated inside the cluster.


Cleardox personnel cannot access the underlying host and the default access privileges do not allow container exec or secrets viewing permissions, meaning that elevated permissions are needed to access the encrypted key and its password.

Is KEK access restricted during runtime?

Yes. At runtime, only the backend application can issue requests to the secret service, enforced by mTLS client certificate validation - the service rejects any connection that does not present a matching certificate. There is no API exposed to end users or external parties.

Are decryption requests logged?

We don't log every request as the application continously requests decryption so it would be a flood of logs with low signal. We log in aggregate to alert on suspicious behavior like bursty usage or use of a rotated key.

Does Cleardox support key rotation?

Key rotation is supported by a versioned multi-key scheme. A new key is introduced and it will be used for new incoming projects and documents. While the service continues to decrypt data protected by older keys.

Documents on the platform get deleted once the project is completed or after a timelimit. We monitor a count of how many projects a using the old vs the new key and the old key gets decomissions once it has 0 usage. The system keeps the newest key always. The keys creation timestamp is recorded, and the service logs the age of each loaded key at startup.

How are updates deployed in Cleardox?

Updates are tested in staging environments before being rolled out gradually to production systems.

How stable is Cleardox in daily operation?

Cleardox is built for high availability with monitoring and alerting to ensure stable day-to-day operations.

Does Cleardox have an ISAE declaration?

Yes. Cleardox’s security and internal controls are documented in an ISAE 3000 Type II assurance report with a high level of assurance.

The report describes our security processes, controls, and procedures related to the handling of customer data and the operation of the platform. You can download the report here.

Which systems does Cleardox integrate with?

Cleardox integrates with systems such as iManage, SharePoint, Acadre, Workzone, and other document and case management systems, either directly or via API.

How does Cleardox integrate with iManage and SharePoint?

Integrations use secure authentication flows. Cleardox only accesses documents that users already have permission to view in the source system.

How does Cleardox respect access rights in integrations?

Cleardox fully respects permissions from the source system. Users can only access and process documents they are authorized to view.

What is a user-based model in Cleardox?

In a user-based model, you pay per named user with access to the system. Pricing is tied to specific users regardless of usage volume.

What is a seat-based model in Cleardox?

In a seat-based model, you purchase a number of active users per month. Anyone in the organization can access the system, but only unique active users in a given month count as a seat.

What is the difference between seat-based and user-based pricing?

The seat model is based on active monthly usage and is flexible for fluctuating teams. The user-based model is based on fixed named users and is best for stable user groups.

What are the benefits of a seat-based model?

A seat-based model allows broad access without paying for all potential users. You only pay for those who actively use the system in a given month, making it flexible and cost-efficient.

How is pricing calculated in the seat model?

Pricing is based on the number of unique active users per month, regardless of how many different people use the system over time.

Which pricing model should I choose?

If usage is spread across many potential users, the seat model is usually best. If usage is limited to a defined group of users, the user-based model may be more suitable.

Does Cleardox offer fixed-price projects?

Yes. Cleardox offers fixed-price project engagements for larger, defined tasks such as data subject access requests (DSAR's). Pricing depends on document volume and complexity. Contact us for a tailored assessment.

Can I switch between pricing models?

Yes. You can switch models if your needs change over time.

Can the trial period be extended?

Yes. The standard trial period is typically two weeks, but extensions can be arranged if more evaluation time is needed.

What is the minimum subscription or project size at Cleardox?

Cleardox is typically offered either as a user-based model, a seat-based model, or as a project-based engagement.

The smallest setup will usually be either 1 seat, 3 named users, or a limited project based on a specific number of pages.

The exact price depends on your needs, data volume, and use case. Feel free to contact us to receive a tailored quote.

linkedin logo
linkedin logo
Security
FAQ: Frequently Asked Questions & Answers
Cookie & Privacy PolicyBrand guidelines
Price
BlogsCleardox Academy
Cleardox Team
CareersOur Mission
Contact Us
Get a free trial
contact@cleardox.io
Bag Elefanterne 1, 2. tv
1799 Copenhagen
CVR-nr. 40984992
© Copyright 2024 Cleardox

Cookies

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept
Cookie icon