Built to be trusted. By your security team, and by the machines.
CLEO connects to your CMS, your search and analytics, audits and publishes content, and tracks how AI engines cite your brand. That means we hold access, and we take it seriously.
Here is how we protect your data. What is established, and what we are still strengthening. We would rather you see both.
01.
IDENTITY & ACCESS
A verified core
Delegated identity, no passwords. All sign-in is handled by a specialist identity provider using signed, verified tokens. CLEO stores no passwords of its own.
Encrypted credentials. The credentials we need to publish on your behalf are encrypted at the application layer using authenticated encryption and a strong key-derivation function. If our keys are absent, the service fails closed.
Controlled egress. Every response passes through a multi-pass scrubber that strips internal detail and personal data before anything leaves our service, with an automated guard that prevents regressions.
Tenant isolation. Your data is isolated per project. The acting identity is always taken from a verified token, never from the request itself, and every read and write is scoped to your own projects.
Isolated hosting. CLEO runs in a dedicated cloud account with production and staging fully separated. Billing is handled by a PCI-certified provider; we never store card data.
02.
ENCRYPTION
Protected in transit, at rest, and at field level
In transit: a modern minimum TLS version, with a full set of browser security headers: strict transport, content-security policy, frame and content-type protections.
At rest: encryption across all managed data stores at the cloud-platform layer; provider attestations available on request.
At field level: sensitive credentials encrypted in the application with authenticated symmetric encryption and an iterated key-derivation function.
03.
AI & YOUR DATA
Your content stays yours
Your content is never used to train third-party AI models. We use AI providers only on their paid, commercial API terms, under which client inputs and outputs are not used to train their models. We do not use free tiers that would permit it.
We do not train our models on your campaigns. If that ever changes, it will be strictly opt-in: you will be asked first, and you may decline and continue to use CLEO in full.
Your CMS credentials never leave for AI or search vendors. Only the marketing and content data required for a task is sent to generate or analyse content.
04.
EXCLUSIONS
What we never hold
Payment-card data: card handling is delegated entirely to a PCI-certified provider.
Passwords for your users: identity is delegated.
Clinical records, patient files, or claims data: CLEO works with marketing data and is not a system of record for any such data.
05.
HOSTING
Hosting and data residency
Production data is hosted in the cloud region we agree with you. Available regions include the United States of America (New York), Australia (Sydney), the United Kingdom (London), and India (Mumbai). Where you have a residency requirement, your data is provisioned and stored in that region, and operational telemetry is processed in-region. Automated backups and point-in-time recovery are in place, with a web application firewall at the edge and container image scanning on every deployment.
06.
ASSURANCE
Where we stand, plainly
CLEO has completed an internal SOC 2 Type 1 readiness assessment across all five Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy. We are not yet independently audited: no external firm has issued an opinion, and an independent assessment is on our roadmap. We state this plainly, because a security team is best served by a vendor that knows exactly where its strengths and boundaries are.
Subprocessors are bound by data-processing agreements. The named subprocessor list, their regions, and current attestations are available on request.
07.
FOR REVIEWERS
Request the full overview
A full Security & Trust Overview, architecture and data-flow, control matrix, data inventory, subprocessor list, data-processing agreements, and our enhancement roadmap, is available under controlled review. We are glad to host a technical walkthrough with your team and to complete any security questionnaire your process requires.
We would rather you see the full picture than a polished summary. That is the posture.
Security
CLEO Security & Trust. Built to be trusted - by your security team, and by the machines.
CLEO connects to your CMS, your search and analytics, audits and publishes content, and tracks how AI engines cite your brand. That means we hold access, and we take it seriously. Here is how we protect your data - what is established, and what we are still strengthening. We would rather you see both.
A verified core
Delegated identity, no passwords - all sign-in is handled by a specialist identity provider using signed, verified tokens. CLEO stores no passwords of its own. Encrypted credentials - the credentials we need to publish on your behalf are encrypted at the application layer using authenticated encryption and a strong key-derivation function. If our keys are absent, the service fails closed. Controlled egress - every response passes through a multi-pass scrubber that strips internal detail and personal data before anything leaves our service. Tenant isolation - your data is isolated per project. Isolated hosting - CLEO runs in a dedicated cloud account with production and staging fully separated.
Encryption at every layer
In transit via modern TLS with full browser security headers. At rest across all managed data stores. At field level with authenticated symmetric encryption.
AI and your data
Your content is never used to train third-party AI models. We use AI providers only on their paid, commercial API terms. We do not train our models on your campaigns - if that ever changes, it will be strictly opt-in. Your CMS credentials never leave for AI or search vendors.
What we never hold
Payment-card data, passwords for your users, clinical records or patient files.
Hosting and data residency
Production data hosted in the cloud region agreed with you. Available regions include the United States of America (New York), Australia (Sydney), the United Kingdom (London), and India (Mumbai).
Assurance posture
CLEO has completed an internal SOC 2 Type 1 readiness assessment across all five Trust Services Criteria. We are not yet independently audited - an independent assessment is on our roadmap. Subprocessors are bound by data-processing agreements.
Contact
connect@regencleo.ai
A verified core
Encryption at every layer
AI and your data
What we never hold
Hosting and data residency
Assurance posture
Contact
About CLEO by RegenAI
CLEO by RegenAI is the autonomous Presence Engine - a closed-loop platform that unifies search engine optimisation, AI answer visibility, structured content publishing, and social signal amplification into one integrated system with a compounding feedback mechanism between every layer.
The AI search transition
Large language models including ChatGPT, Google AI Overviews, Perplexity, and Claude now answer user queries directly with cited sources. Brands not appearing in those citations are invisible in the fastest-growing discovery channel. Traditional analytics tools do not capture AI citation share. Brands are losing reach they cannot measure with standard dashboards.
Search
The foundation of the Presence Engine. Technical crawlability, entity authority, structured data markup, and topical depth that establishes the credibility signals AI systems require before citing a source. A brand that cannot be crawled cannot be cited. A brand without entity authority cannot be trusted by language models.
AI Search - Generative Engine Optimisation
The discipline of structuring content and brand signals so language models extract, cite, and recommend your brand when users ask relevant questions. GEO is not traditional SEO. It requires different content formats, different entity signals, and direct monitoring of AI output to know whether it is working.
Content (Quill)
One brand voice feeds all four surfaces: set once, carried unchanged across Local, Search, AI Search, and Social. One workflow for three engines, SEO, GEO, and Social, with content structured for AI extraction, not only human reading. No other platform writes in a single, locked brand voice across all four.
Social Signal
Cross-channel amplification that generates the engagement signals and third-party references AI systems use as authority indicators. Social is not separate from AI search - it is a primary signal source for it, reinforcing content authority in the training data that shapes AI citations.
Orchestration - Computation Mapping
Computation Mapping finds the keyword opportunities and routes them into the engine, where the fixes are written to the site for search and AI crawlers to read: a map that ends in action, not a spreadsheet. Without orchestration, four products; with it, one engine.
Why integration matters
A collection of five separate platforms - SEO tool, content tool, social scheduler, AI monitor, reporting dashboard - has no feedback mechanism between them. Each optimises for its own metric. There is no loop, and therefore no compounding. CLEO routes monitoring output directly into content creation. Published content triggers social amplification. Amplification results inform the next monitoring cycle. Authority accumulates with each iteration.
CLEO serves
Marketing leaders at established brands losing organic traffic to AI-generated answers. Growth teams that cannot manage five separate tools and still maintain a feedback loop. Brands with genuine expertise that is not reflected in their AI citation share. Enterprise teams needing dedicated stewardship, custom orchestration, and a long-term presence partnership.
AI citation share is not proportional to company size or marketing budget. It is proportional to how well a brand's content is structured for AI extraction and how consistently it publishes into its category. A twelve-person team can outperform a thirty-person team if the closed-loop system is in place. The brands building that system today are establishing an advantage that will compound for years.
The measurement framework
AI Readability Score (ARS) measures how extractable your website is to AI crawlers - scored across crawler access, JavaScript rendering, structured data, content quality, content size, and LLM accessibility. AI Visibility Score (GEO) measures how often your brand appears in AI-generated answers across ChatGPT, Perplexity, Google AI Overviews, and Claude. Infrastructure Readiness measures the technical baseline - robots.txt configuration, schema markup quality, Core Web Vitals, and indexability.
Getting started
The free Presence Scan at regencleo.ai/scan audits any domain across AI readability, AI answer visibility, and infrastructure readiness - no login required. Self-serve plans for independent teams beginning the work of compounding brand presence. Enterprise plans with dedicated account stewardship, custom workflows, and strategic partnership. Start the conversation at regencleo.ai/book.
