We follow industry best practices, so security is baked right into our product. We take the security of your data and our service very seriously. We are committed to providing an environment that is safe, secure, and available to the organizations and users that use our services.
- Data in transit runs entirely over SSL. Data at rest is encrypted with AES 128/256.
- Our infrastructure runs on fault-tolerant systems and encrypted backups are made daily.
- We leverage third-party providers to continuously monitor our infrastructure for security compliance.
- Billing information is entirely managed by our PCI-compliant payments provider (Stripe).
- Clew is hosted on Amazon Web Services (AWS), a leading cloud provider that holds rigorous industry security certifications, such as - SOC 2, ISO 27017 and ISO 27001.
- Where-ever possible we only require the minimum permissions required from third-party applications in order to provide the features enabled by Clew.
- Data from third-party integrations connected to Clew is limited to what the user accesses and stores in Clew. We don't unneccessarily index all your data. We consistently purge our caches and databases to ensure third-party data is not stored for any longer than required.
- We don't permanently store any data from third-party integrations. However some metadata may be stored for the purpose of enabling features provided by Clew (like file sharing or views).
When integrations are disconnected from Clew, third-party data associated with the integration will be deleted across all our services.
We welcome responsible security research and disclosure on our product and infrastructure. Potential vulnerabilities can be reported by emailing firstname.lastname@example.org