We take the security of the personal and business information that you share with us extremely seriously and we work hard to earn your trust. We are far from complacent; in fact, we verge on the paranoid! We know that only through continued investment in people, technology and processes can we ensure your information is safe.

System Security

Clause servers are located in AWS Data centers in the US, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Clause’s data centers have round-the-clock security, automatic fire detection and suppression, fully redundant power systems, and strict controls for physical access.

Application Security

At Clause we believe in "security in-depth", using a mixture of training, automated code scanning, endpoint scanning, external audits, a public vulnerability disclosure programme and infrastructure solutions to secure the platform.

When you visit the Clause website, data that is sent between your device and our servers is protected using TLS encryption (SSL Report). Data at rest is encrypted using AES-256.

Data Privacy

We are also transparent in the data that we collect and share with third-parties via our privacy policy. This policy is compliant with the General Data Protection Regulation (“GDPR”).

Payment Card Data

We do not store any credit card details. Clause is PCI compliant and holds an SAQ A Attestation of Compliance for PCI DSS. All cardholder data functions are fully outsourced to Stripe Inc.

Operational Security

Core contract data, logs and access keys are firewalled behind additional levels of security and access control, to limit access to authorized Clause support engineers.

We continually re-evaluate our security posture and update our security controls based on industry best practices.