It's not complicated really, but you are right when you say it looks complicated at first.
The trick is to understand that JIRA is intended to be a collaboration tool, where the most simple form of access control is "everyone who can log in gets a basic level of access to everything". This has lead to the defaults being "groups who can log in get defaulted into the role of users in every project, who can see the project"
You need to unpick this default. That is not easy, as you need to check every permission scheme, just in case it's used a shared group, and then go over every project to make sure it does not say "everyone can use this project". You should also go to the Admin -> users -> roles section and remove most, if not all, defaults in there, so that when you create a new project, no groups are added to any of the roles.
Once you've done that, as a one-off, you're all set. Your clients will get accounts that let them log in, and see nothing, until your project admins add them into the role in the project that lets them see just that project.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.