Security Policy

ClauseOne uses Google Cloud Platform (GCP) for all data storage and processing needs. We apply AES-256 encryption for data at rest (e.g., stored credentials, cached query results) and TLS v1.2 or higher for data in transit (e.g., browser traffic, API calls, internal services).

For more information on how we manage and process your data, please visit our Privacy Policy.

ClauseOne follows the principle of least privilege: access to customer data is strictly limited to authorized personnel and only granted when necessary to resolve customer-reported issues. All access to customer data is logged and monitored.

Access to production environments is managed through centralized identity systems with multi-factor authentication (MFA), single sign-on (SSO), and peer-reviewed change control processes. Infrastructure and identity configurations are managed via infrastructure-as-code (IaC).

ClauseOne provides robust access controls to manage user and project-level permissions, including:

• User Roles – Define what actions each user can take within the platform.
• Data Access – Govern which data connections are available and whether users can access shared or individual credentials.
• Project Access – Project owners can restrict visibility or editing rights, including access to any linked data or application logic.

SSO integrations (Google, Okta, OIDC) are supported to streamline and secure authentication.

ClauseOne incorporates automated vulnerability scanning, including:

• Static Application Security Testing (SAST)
• Software Composition Analysis (SCA)

Code changes are peer-reviewed, automatically tested for security and stability, and deployed through secure CI/CD pipelines with branch protection in place.

System health and security metrics are continuously monitored to identify potential risks before they affect performance or data integrity.