# FAQ Quick answers to common questions. See linked docs for details. ## General

What is Cleric?

Cleric is an AI SRE that investigates production issues by querying your observability tools and infrastructure. See [Overview](/meet-cleric/readme.md).

What platforms does Cleric integrate with?

Kubernetes, AWS, GCP, Datadog, Grafana, Prometheus, PagerDuty, GitHub, Confluence, Elasticsearch, and more. New integrations are added regularly based on customer needs. See [Integrations](/integrations/supported-integrations.md).

## Using Cleric

How do I interact with Cleric?

Web UI and Slack. See [Collaborating with Cleric](/investigation/collaborating-with-cleric.md).

How do I start an investigation?

Three ways: (1) **Automatic**: Configure keyword-based alert monitoring in Slack channels so Cleric investigates matching alerts automatically. (2) **On-demand in Slack**: Mention `@Cleric` in any channel or thread with a question or issue description. (3) **On-demand in the web UI**: Click "New issue" and describe the problem. You can also ask Cleric proactive questions outside of any alert, such as "run a health check on the payments service." See [Collaborating with Cleric](/investigation/collaborating-with-cleric.md).

What does !investigate do?

Adding `!investigate` to your message (in Slack or the web UI) triggers a full deep investigation instead of the default conversational mode. This gives you the same thorough analysis that alert-triggered investigations receive. Works when starting a new investigation or on follow-up messages in an existing thread. See [Deep Investigations](/investigation/collaborating-with-cleric.md#deep-investigations-with-investigate).

How does Cleric connect to my cloud infrastructure (AWS, GCP, etc.)?

You provide Cleric with scoped credentials for each system. For AWS, you create an IAM role with a trust policy that grants Cleric access to specific services (e.g., CloudWatch, EKS). For Kubernetes, you create a service account with RBAC permissions. For SaaS tools (Datadog, PagerDuty, etc.), you provide an API key. Cleric provides draft policies and configurations that you can edit to match your security requirements. You control exactly what Cleric can and cannot access. See [Integrations Overview](/integrations/overview.md).

Does Cleric handle the full incident lifecycle?

Yes: from alert to root cause to recommended fix to summary report. See [How Investigations Work](/investigation/how-investigations-work.md).

Can Cleric take actions or just investigate?

Cleric primarily investigates using read-only access. The GitHub integration includes write permissions by default, allowing Cleric to create branches, open pull requests, and file issues. Cleric is instructed that it cannot merge PRs directly. We recommend configuring branch protection rules on your default branch. See [GitHub integration](/integrations/supported-integrations.md#github) for details. If you grant the Atlassian user "Create Issues" permission, Cleric can also create Jira tickets from investigation findings. See [Confluence and Jira integration](/integrations/supported-integrations.md#confluence-and-jira) for details.

Does Cleric replace my monitoring dashboards?

No. Cleric works alongside your existing observability tools (Datadog, Grafana, etc.), not instead of them. See [Supported Integrations](/integrations/supported-integrations.md).

Can Cleric connect findings across different tools?

Yes. Cleric correlates data across all connected integrations (logs, metrics, deployments, code changes, and more). See [Supported Integrations](/integrations/supported-integrations.md).

Can Cleric use our internal documentation?

Yes. Cleric searches Confluence, GitHub docs, and other sources during investigations, respecting your existing access controls. See [Providing Context](/setup/providing-context.md).

How do we decide what to configure Cleric to respond to?

Start with high-frequency or high-complexity alerts. See [Configuring Agents and Triggers](/setup/agents-and-triggers.md).

What's the difference between agents and triggers?

An **agent** is a named workflow with instructions (e.g., `investigate`, or your own `checkout-5xx`). A **trigger** is a rule that runs an agent automatically when a matching event fires; for alerts, that means a bot message in a configured Slack channel matching the trigger's keyword rules. You can run an agent on-demand with `!agent-name` even if no trigger exists for it. See [Configuring Agents and Triggers](/setup/agents-and-triggers.md).

How can we provide feedback on Cleric's responses?

In the web app or Slack thread. See [How Cleric Learns](/learning/how-cleric-learns.md).

What access does Cleric need to our infrastructure?

Cleric only requires read-only access to your tools. See [Connecting Integrations](/integrations/supported-integrations.md) for further details.

What happens if Cleric encounters an error during investigation?

Cleric continues with available sources and notes failures in the Activity Log. See [Reviewing the Activity Log](/investigation/reviewing-the-activity-log.md).

What happens when Cleric needs more information during an investigation?

For user-initiated investigations, Cleric asks clarifying questions in the same Slack thread or web chat and waits for your response before continuing. For alert-triggered investigations, Cleric completes with available data and reports any gaps or access limitations in its findings. See [How Investigations Work](/investigation/how-investigations-work.md#when-cleric-needs-more-information).

Why did Cleric attach a new alert to an existing issue instead of starting a new investigation?

When a new alert in a Slack channel looks like the same problem as a recent issue in that channel, Cleric attaches it to the existing issue instead of creating a new one. This keeps related alerts together and avoids parallel investigations for the same incident. See [Alert Grouping](/investigation/how-investigations-work.md#alert-grouping).

How does Cleric learn about our environment?

Cleric scans connected integrations and learns from each investigation. See [How Cleric Learns](/learning/how-cleric-learns.md).

Can Cleric handle incidents that span multiple systems?

Yes. Cleric automatically maps service dependencies and traces issues across system boundaries. See [How Cleric Works](/meet-cleric/how-cleric-works.md).

Should we deploy Cleric in non-production environments?

Focus on production. Dev/QA environments have less structured data. See [Quick Start](/meet-cleric/quick-start.md).

How do I get help with an issue not covered here?

Contact or reach out via your dedicated Slack Connect channel with the Cleric team. Available Monday-Friday, 9am-6pm PT.

## Security & Privacy

Is there an audit trail of what Cleric does?

Yes. Every investigation logs what Cleric accessed and the steps it took. See [Reviewing the Activity Log](/investigation/reviewing-the-activity-log.md).

Does Cleric have SOC2 certification?

Yes. Cleric is SOC 2 Type II certified. Our report is available in our [Trust Center](https://trust.cleric.ai).

Exactly what data does Cleric ingest and store?

Investigation data (queries executed, reasoning traces, and responses). Your logs, metrics, and code are queried at runtime and not persisted. See [Security & Data Privacy](/security/security-data-privacy.md).

Does Cleric use my data to train AI models?

No. Your data is never used to train or fine-tune models. See [Security & Data Privacy](/security/security-data-privacy.md).

Can I request deletion of my data?

Yes. Request deletion anytime. See [Data Storage and Retention](/security/security-data-privacy.md#data-storage-and-retention).

Can I request deletion of a specific investigation?

Yes. If an investigation report contains data you want removed, contact us via or your dedicated Slack Connect channel. Specific investigations can be deleted on request. See [Data Storage and Retention](/security/security-data-privacy.md#data-storage-and-retention).

Does Cleric deploy anything in my infrastructure?

No. Cleric runs entirely in a dedicated, single-tenant cloud environment (`.app.cleric.ai`). No agents, sidecars, or daemons run in your clusters or cloud accounts. Cleric connects to your systems using the credentials you provide (API keys, IAM roles, service accounts) and queries them remotely. The only exception is the optional [Connector](/integrations/private-resources.md) for accessing private resources (e.g., a Kubernetes cluster without a public API endpoint), which you deploy and control.

Is Cleric available for self-hosting?

No. Cleric is SaaS-only.

Does Cleric support Single Sign-On (SSO)?

Yes, via WorkOS (compatible with all major SSO providers). See [Setting up SSO](/setup/setting-up-sso.md).

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cleric.ai/reference/faq.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.