Security

Your data security is foundational to everything we build. Here's how we protect your bots, conversations, and infrastructure.

Encryption

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. API keys and secrets are stored using envelope encryption with regularly rotated master keys.

SOC 2 Type II

Clawployees is SOC 2 Type II compliant. Our controls are independently audited annually covering security, availability, and confidentiality.

Data Residency

Choose where your data lives. We offer hosting in US (Virginia), EU (Frankfurt), and APAC (Sydney) regions to meet your compliance requirements.

Access Control

Role-based access control with SSO and SAML support on Enterprise plans. All access is logged and auditable.

Infrastructure

Hosted on isolated, hardened infrastructure with network-level segmentation. All production systems run in private subnets with no direct internet access.

Penetration Testing

We conduct annual third-party penetration tests and run a continuous bug bounty program. Contact us for the latest report.

Data Retention

You control your data retention policies. Conversation logs can be automatically purged on a schedule you define. Deleted data is permanently removed within 30 days.

Incident Response

We maintain a documented incident response plan with defined escalation paths. Customers are notified of any security incidents within 24 hours.

Have a security question?

Contact our security team for penetration test reports, compliance documentation, or to report a vulnerability.

[email protected]