Short answer: very secure! We have an article about our general Security Posture here.

Longer, more technical, answer below...

Clause is a Software as a Service platform hosted on Amazon Web Services (AWS). AWS is used by many of the most popular Internet applications, including Netflix, Slack, AirBnB, Starling Bank, River Island and many more.

AWS has some of the strictest security controls in the world -- one of the reasons they run a private cloud for the US Central Intelligence Agency.

Without going into sensitive details, at Clause we believe in "security in depth", using a mixture of training, external audits, a public vulnerability disclosure policy and infrastructure solutions to secure the platform.

We are also transparent in the data that we collect and share with third-parties via our privacy policy.

We do not store any credit card details. Credit card details are stored and managed by Stripe and we comply with the Stripe PCI compliance guidelines.

The site that hosts the Clause application is regularly security scanned for HTTPS issues and general vulnerabilities. You can view the results here.

Core contract data, logs and access keys are firewalled behind additional levels of security and access control, to limit access to authorized Clause support engineers.

We continually re-evaluate our security posture, and update our security controls based on industry best practices.