How secure is Clause?
We take the security of the personal and business information that you share with us extremely seriously and we work hard to earn your trust. We are far from complacent; in fact, we verge on the paranoid! We know that only through continued investment in people, technology and processes can we ensure your information is safe.
Clause servers are located in AWS Data centers in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Clause’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.
At Clause we believe in "security in-depth", using a mixture of training, automated code scanning, endpoint scanning, external audits, a public vulnerability disclosure programme and infrastructure solutions to secure the platform.
When you visit the Clause website, data that is sent between your device and our servers is protected using TLS encryption (SSL Report). Data at rest is encrypted using AES-256.
Payment Card Data
We do not store any credit card details. Clause is PCI compliant and holds an SAQ A Attestation of Compliance for PCI DSS. All cardholder data functions are fully outsourced to Stripe Inc.
Core contract data, logs and access keys are firewalled behind additional levels of security and access control, to limit access to authorized Clause support engineers.
We continually re-evaluate our security posture and update our security controls based on industry best practices.