Third Party Due Diligence
Analyze any company across compliance and cybersecurity dimensions
ClearTrace queries 200+ registries and data sources across 140+ jurisdictions
No Results Yet
Run an analysis from the Search page to see results here.
Node Details
Legend
Company
Domain
IP
Person
Country
Breach
Risk border
Low risk
Medium risk
High risk
Dataset nodes
Sanctions list
Watchlist
Registry
Select an investigation to view its graph
Choose an investigation below, or create a new one to get started.
Reports
AI-powered executive reports with hash-based provenance tracing
No Investigations Yet
Create an investigation on the Graph page, then return here to generate an AI-powered executive report.
History
All previous analyses and generated reports
About ClearTrace
Third Party Due Diligence Platform
What is ClearTrace?
ClearTrace automates compliance screening and cybersecurity risk assessment across 200+ registries and data sources spanning 140+ jurisdictions. It enables analysts to quickly identify sanctions exposure, adverse media, cybersecurity weaknesses, and corporate structure risks for any counterparty — and to group related searches into investigations for collaborative deep research and executive-grade reporting.
Multi-Domain Analysis
When a company operates multiple domains or when the primary domain cannot be automatically resolved, ClearTrace lets you select all relevant domains before running the analysis. Cybersecurity checks are executed against every selected domain in parallel; the worst-case score across all domains is applied to ensure no exposure is missed. A real-time activity feed shows per-domain progress as each check completes.
Investigation Graph
Group searches into named Investigations and explore connections visually in the interactive D3.js graph. The graph surfaces entity relationships across all searches in an investigation simultaneously.
Node types: Company, Domain, IP address, Person (director), Country, Breach, Sanctions list, Watchlist, Registry
Risk colour: Nodes are colour-coded by risk score — green (low), amber (medium), red (high)
Merge: Drag one company node onto another to merge duplicate entries
Filter: Show or hide specific node types; switch between physics and hierarchical layouts
Deep Research & Reports
Select an investigation and trigger Deep Research: ClearTrace runs an AI-powered cross-entity correlation analysis, surfacing discrepancies, shared infrastructure, and red flags across all searches. Once complete, generate a professional executive report in PDF, HTML, or both.
PDF report — Multi-page document with cover page, risk gauges, check tables, deep research findings, and disclaimer
HTML report — Self-contained interactive file with section toggles, company filter, and a static mini-graph — shareable without a PDF viewer
Data Sources
| Source | Type | What it checks |
|---|---|---|
| OpenSanctions | Sanctions | OFAC SDN, EU FSF, UN SC, FATF & 70+ lists including PEP |
| World Bank Debarment | Watchlist | Debarment & cross-debarment enforcement actions |
| ICIJ Offshore Leaks | Watchlist | Panama Papers, Pandora Papers, FinCEN Files |
| GDELT | Compliance | Adverse media — fraud, corruption, bribery articles |
| Country Risk (FATF / CPI) | Compliance | Grey/black-list jurisdictions and corruption index |
| Companies House / OpenCorporates | Registry | Company registration, filings & director records |
| GLEIF / LEI | Registry | Global legal entity identifier & ownership chain |
| Wayback Machine | Compliance | Domain web-archive presence & first-seen date |
| SSL Labs | Cybersecurity | TLS certificate grade (A+ to F) |
| Mozilla Observatory | Cybersecurity | HTTP security headers & web hardening score |
| DNS Security | Cybersecurity | SPF, DMARC, DKIM email authentication posture |
| Have I Been Pwned | Cybersecurity | Known data breach exposure for the domain |
| VirusTotal / URLhaus / PhishTank | Cybersecurity | Malware, phishing, and malicious URL reputation |
| Shodan / AbuseIPDB / DNSBL | Cybersecurity | Open ports, IP reputation & blocklist exposure |
How Scores Are Calculated
Scores run from 0 (no risk) to 100 (maximum risk). ClearTrace computes two independent scores — Compliance and Cybersecurity — and combines them into an overall rating.
Low Risk — 0–29
Medium Risk — 30–69
High Risk — 70–100
Combined score = the worst (highest) of Compliance and Cybersecurity. If a check is skipped because no API key is configured, its points are excluded and the remaining checks are scaled proportionally so the total always stays 0–100.
Compliance Score (0–100)
| Check | Max pts | How it's calculated |
|---|---|---|
| Sanctions (OpenSanctions) | 35 | Match >85% confidence = 35 pts · Match 50–85% = 15 pts · No match = 0 |
| PEPs (OpenSanctions) | 15 | PEP match >80% = 15 pts · PEP 60–80% = 10 pts · No PEP = 0 |
| Country Risk (FATF + TI) | 15 | FATF blacklist = 15 · FATF grey list = 10 · TI CPI <30 = 11 · CPI >60 = 0 |
| Adverse Media (GDELT) | 15 | 0 articles = 0 · 1–3 = 5 · 4–10 = 10 · >10 = 15. Adjusted by negative tone. |
| Enforcement (World Bank + ICIJ + Companies House) | 20 | Active debarment = 20 · Historical = 10 · ICIJ hit = 10 · None = 0 |
| Bonus: Administrator sanctioned | +25 | If the company is clean but a director matches a sanctions list, +25 pts added to compliance score |
Cybersecurity Score (0–100)
| Check | Max pts | How it's calculated |
|---|---|---|
| SSL/TLS (SSL Labs) | 20 | A/A+ = 0 · B = 5 · C = 10 · D/E = 15 · F/expired = 20 |
| Security Headers (Mozilla Observatory) | 15 | A = 0 · B = 3 · C = 6 · D = 10 · F = 15 |
| Email Security (DMARC + SPF) | 20 | No DMARC = 15 · DMARC p=none = 8 · p=reject = 0 · No SPF = +5 |
| Data Breaches (HIBP) | 15 | 0 breaches = 0 · 1–3 = 5 · 4–10 = 10 · >10 = 15 |
| Domain Reputation (VirusTotal + URLhaus + PhishTank + Safe Browsing) | 15 | Any malicious flag = 15 · Suspicious = 8 · Clean = 0 |
| Open Ports / Blacklists (Shodan + DNSBL + AbuseIPDB) | 15 | Critical ports (RDP, SMB, Telnet) = 15 · Blacklisted = 10 · Clean = 0 |
Registry vs Sanctions
Not all nodes in the investigation graph carry the same risk weight. ClearTrace distinguishes three categories of datasets:
Sanctions lists (red nodes) — HIGH RISK
OFAC SDN, EU FSF, UN SC, HMT, DFAT, SECO, Interpol Red Notices, and similar official government lists. Appearance on any of these lists means the entity is subject to legal sanctions. Any match triggers maximum compliance weight.
Watchlists (orange nodes) — MEDIUM RISK
UANI Business Registry, NBIM Exclusions, World Bank Debarment, SEC Enforcement, DOJ actions, ICIJ offshore leak databases (Panama Papers, Pandora Papers). These are not official sanctions but indicate elevated risk — further investigation is advised.
Registries (grey nodes) — NEUTRAL
SWIFT BIC, GLEIF / LEI, OpenCorporates, Companies House, EGRUL. These are simply business directories. Appearance in a registry does not indicate risk — it is expected for any legitimate company. Registry-only matches receive half the normal sanctions weight to prevent false positives.
Match Confidence Explained
When ClearTrace queries OpenSanctions and similar screening databases, each match is assigned a confidence score (0–100%) reflecting how closely the returned record matches the searched entity name, alias, or identifier.
| Confidence | Risk weight | Interpretation |
|---|---|---|
| > 85% | Full (35 pts) | High-confidence hit — strong name or ID match; manual review required |
| 50–85% | Partial (15 pts) | Possible match — fuzzy name or alias overlap; further investigation advised |
| < 50% | None (0 pts) | Unlikely match — name similarity below threshold; treated as no hit |
Note: Matches found only in corporate registries (e.g. OpenCorporates, GLEIF, Companies House) are treated as registry-only and receive half the normal sanctions weight, as registry presence alone does not indicate sanctions exposure.
Privacy & Security
All API keys are encrypted at rest using AES-256-GCM before storage. Analysis results are cached locally and tied to your authenticated session. No search data or results are transmitted to third parties beyond the individual data source APIs you have configured.
Disclaimer
ClearTrace is a decision-support tool, not a substitute for qualified legal, compliance, or financial advice. Scores and flags are computed from automated API queries and may be incomplete, delayed, or inaccurate. Match confidence values reflect algorithmic similarity — a high-confidence hit does not confirm identity, and a low score does not confirm the absence of risk. All results must be independently verified by a qualified compliance professional before any business or legal decision is taken. ClearTrace accepts no liability for decisions made on the basis of its outputs.
Settings
Configure AI provider and API keys for premium data sources
AI Provider
Data Source API Keys
All keys are encrypted at rest. Optional — sources without keys will be skipped or use free tiers.
Cloudflare AI Gateway (optional)
Route AI requests through Cloudflare AI Gateway for observability, caching, and rate-limit protection.
Security
Change your ClearTrace login password.