Security & deployment

From cloud demo to fully air-gapped — without re-platforming.

The deployment tier is a configuration choice, not a different product. The same UI, the same APIs and the same analytical layer run whether you are piloting in the cloud or operating a fully isolated enclave.

Deployment posture
Tier 01
Managed cloud
Open / unclassified

Hosted CLERINT instance for OSINT and Media workloads. Onboarded in days. Ideal for public-facing analytical work and pilots.

Tier 02
On-premise / private cloud
Restricted / sensitive

Full stack on your infrastructure with SSO, hardened tenants and custom data feeds. Same UI, same APIs — your perimeter.

Tier 03
Air-gapped fusion
Classified / national security

One-command offline deployment on a fresh server. Local model, offline map tiles, no outbound network. The same product, fully isolated.

Security architecture

Objective, defensible, auditable — by design.

Role-based access

JWT + RBAC with Owner, Senior Analyst, Analyst and Viewer roles. Access is scoped to what each user needs.

Immutable audit log

Every action — every dossier viewed, every record exported — is written to an append-only audit trail for oversight.

Data sovereignty

Tenant isolation by design. In on-premise and air-gapped deployments, no data leaves the boundary you define.

Swappable AI

A cloud model for demos; an on-premise LLM (e.g. Llama 3.1 / Qwen 2.5) for production — abstracted behind one configuration flag.

Deploy CLERINT inside your perimeter.

Start with a scoped cloud pilot and move to on-premise or air-gapped when you're ready — the same product, your control.