C.L.A.R.A.

Compliance Layer for AI Risk and Accountability.

See AI adoption. Set policy. Build audit-ready evidence.
Keep content private.

Privacy by design
01
Local detection
02
Metadata-only events
03
Explainable controls

The problem

AI adoption has moved. Governance has not caught up.

Employees already use ChatGPT, Copilot, Claude, Gemini and Perplexity inside real workflows. Most organisations still rely on policy documents and self-reporting rather than a reliable operating view of what is actually happening.

01

Unseen adoption

Unknown tools enter daily work through workflow convenience, not formal procurement, faster than annual policy reviews can track.

02

Unclear policy

Teams interpret risk on their own. There is rarely a clear action at the point of use: allow, warn or block.

03

Weak evidence

Reviews begin without a reliable record. When legal, security or audit asks, organisations reconstruct AI use from memory.

The visibility gap

The real question is not whether AI is being used. It is whether leadership can see it well enough to govern it.

Q.01

Which AI tools are being used today?

Q.02

Which departments or roles are using them?

Q.03

Which tools are approved, warned or blocked?

Q.04

Which usage is governed and which is unmanaged?

Q.05

Where do policy interventions actually happen?

Q.06

What evidence exists if legal, security or audit asks?

The regulatory context

The obligation is already here.

Three frameworks. Active enforcement. No grace period for missing records.

01

EU AI Act

Phased application is underway. Organisations using AI in professional workflows must document usage, classify risk and demonstrate oversight. The evidence standard is not retrospective. It must be built in real time.

02

GDPR

Enforcement now reaches AI data flows. Regulators scrutinise which tools employees use, what data enters them and whether a policy existed. The absence of a record is itself a finding.

03

NIS2 Directive

For organisations in scope, NIS2 requires documented controls over the tools used in operations. Unmanaged AI use, including Shadow AI, is an uncontrolled surface in that picture.

Organisations that govern AI use now will enter audit cycles with evidence. Those that don’t will reconstruct from memory.

Why C.L.A.R.A.

One control layer. Visibility, policy and evidence.

C.L.A.R.A. gives teams a practical way to govern AI use without turning governance into surveillance.

See

Know which AI tools are in use.

Adoption and Shadow AI become visible.

Control

Apply clear action at the point of use.

Allow, warn or block by policy for behaviours such as sharing API keys, uploading confidential files, sharing confidential company data, pasting source code, uploading sensitive documents, or sharing credentials and secrets.

Prove

Create a record teams can review.

Metadata supports audit and reporting.

From browser to control

A clear path from interaction to oversight.

Detection and policy decisions happen locally in the browser. The backend receives structured metadata only.

01

Browser extension

Enrolled user context for each session.

02

Local detection & policy

Risk category and action decided in the browser.

03

Metadata-only flow

A structured event record moves forward.

04

Dashboard & controls

Review, report and govern across the organisation.

Content stays local: only tool, timing, category, severity & action move forward.

Privacy architecture

Privacy is architecture, not a setting.

The differentiation is not “collect everything and analyse later.” Detection runs locally; only structured metadata is recorded.

Local

Inside the browser

Classify risk category.

Apply allow, warn or block for risks such as sharing API keys, uploading confidential files, sharing confidential company data, pasting source code, uploading sensitive documents, or sharing credentials and secrets.

Metadata

Inside the backend

Record tool, timing and severity.

Support review and audit.

Never collected

No prompts No responses No page content No file contents No screenshots No keystroke logging
Read full Privacy Policy

What’s in the product

Seven surfaces, one governance layer.

The core platform is live in pilot: a Google Chrome and Edge browser extension, a Fastify API and a Next.js dashboard, all built around the metadata-only boundary.

01

Google Chrome and Edge browser extension

A quiet control point for enrolled users.

  • Persistent enrollment
  • Health and policy status
  • Active session awareness
Metadata only
02

Warning overlay

A clear intervention before a risky action.

  • Explain the policy action
  • Let the user acknowledge
  • Record metadata only
Metadata only
03

Policy controls

Simple rules that teams can apply.

  • Allow, warn or block risky behaviours
  • Flag sharing API keys, uploading confidential files, sharing confidential company data, pasting source code, uploading sensitive documents, or sharing credentials and secrets
  • Apply group overrides
Metadata only
04

Shadow AI discovery

Bring unknown AI tools into view.

  • Find unapproved tools
  • Review each discovery
  • Approve or block
Metadata only
05

Risk activity & dashboards

A clear view of risk signals across the organisation.

  • See risk categories
  • Review severity and action
  • Move from signal to policy
Metadata only
06

OIDC access & roles

Organisation access and role controls for secure deployments.

  • OIDC sign-in today
  • IT, CISO and employee access gates
  • SAML and SCIM on roadmap
Metadata only
07

Reporting & audit trail

Structured evidence ready for review.

  • Event log and CSV export
  • Report summaries
  • Admin audit trail
Metadata only
·

Structured evidence for governance reviews and audit readiness.

A working platform today, with scale, identity and assurance layers maturing on the enterprise roadmap.

What C.L.A.R.A. can show today

Adoption, posture and evidence in one operating view.

Organisation administration, policy controls, Shadow AI review, leadership pages and an employee self-view. Every figure is metadata-derived.

C.L.A.R.A. dashboard: Overview

Overview: adoption, governed vs unmanaged usage and policy posture at a glance.

What AI-visible organisations look like

From no visibility to governed AI adoption.

Most mid-sized companies sit between Level 1 and Level 2. The practical goal is to reach Level 3, organisation-wide observability, before promising full enterprise governance.

Level 01
01

No visibility

AI is being used, but the organisation has no dependable view.

Level 02
02

Basic awareness

Leadership knows some tools are in use, but the picture is incomplete.

Level 03 · the goal
03

Organisation-wide observability

Adoption, policy posture and unmanaged usage all become visible.

Level 04
04

Governed AI adoption

Visibility, controls and evidence work together as an operating system.

Pilot readiness

Ready for focused pilot deployments and structured rollout planning.

The core product is live. Scale, identity and assurance layers continue to mature. We say clearly what C.L.A.R.A. does and does not yet claim.

Pilot-ready · working platform

What runs today

  • Google Chrome and Edge browser extension with local detection
  • Fastify API and metadata-only event flow
  • Next.js dashboard with multi-role views
  • OIDC sign-in and organisation roles
  • Policy, Shadow AI discovery and reporting
Pilot expansion · enterprise roadmap

What’s coming next

  • Production database (Postgres) and retention
  • SAML and SCIM
  • Managed extension distribution
  • Desktop and proxy coverage for AI app usage beyond the browser
  • Trust-optimised Web Store packaging
  • Formal SOC 2 programme

Pilot programme

Request a C.L.A.R.A. pilot.

Turn AI usage from speculation into a measurable operating picture: a visibility assessment, policy posture setup, extension rollout and findings review.

Pilot window3–6 weeks
Initial cohort5–50 employees
  1. Scope & rollout

    Focused deployment to a defined group with Shadow AI discovery, policy review and live warn or block flows.

  2. Structured onboarding

    Guidance for IT, calibration for security and compliance, and employee transparency framing from day one.

  3. Governance review at close

    Leadership-ready summary of usage posture, policy outcomes and next-stage recommendations.

Pilot requests are reviewed directly by the C.L.A.R.A. team. We currently prioritise organisations with near-term governance, risk or compliance requirements.

Request received.

We received your request. The C.L.A.R.A. team will contact you within 24-48 hours.

A better governance model

Govern AI use.
Keep people trusted.

Visibility, policy and evidence without collecting interaction content.