Security

Security at Clarevo

Your data is protected by enterprise-grade infrastructure. Every layer of our stack is independently certified.

System Status

99.97%
Uptime (12 months)
0
Security Breaches
0
Data Incidents
<5min
Mean Time to Detection
<45min
Mean Time to Resolution
90-day uptime 99.97%
90 days ago
Operational Partial degradation Incident
Today
Operational Last checked: 2 minutes ago

All systems operating normally. No active incidents.

Last Penetration Test Scheduled Q2 2026
Last Key Rotation 03-15-2026
Last Security Review 03-22-2026
Days Since Last Incident

Infrastructure Security

Encryption in Transit

TLS 1.3 on all connections. HSTS preloaded. Grade A+ SSL across every endpoint.

Encryption at Rest

AES-256 encryption on all stored data. Keys managed by the provider with automatic rotation.

DDoS Protection

Global edge network with automatic DDoS mitigation across 18+ regions worldwide.

Web Application Firewall

Enterprise WAF with bot filtering, rate limiting, and attack challenge mode enabled by default.

Content Security Policy

Strict CSP headers preventing XSS, clickjacking, and injection attacks on every page.

Vendor Certifications

Every layer of our infrastructure is managed by independently certified providers. We do not self-host sensitive systems.

Authentication
Identity & Access
SOC 2 Type II certified provider with MFA, SSO, and session management
Payments
Billing & Subscriptions
PCI DSS Level 1 certified — we never touch or store card data
Database
Data Storage
SOC 2 Type II certified, AES-256 encryption at rest, TLS in transit
Hosting
Edge Network
SOC 2 Type II, ISO 27001, GDPR compliant, global edge with DDoS protection
Content Intelligence
Voice & Strategy
Enterprise-grade provider with data processing agreements and zero retention

Data Practices

  • No data sales. We never sell, rent, or trade your personal information.
  • OAuth-only LinkedIn access. Credentials are handled via OAuth. We never see your password.
  • Client isolation. Content is generated per-client. There is no cross-client data sharing.
  • Encrypted API keys. All API keys are encrypted at rest and rotated quarterly.
  • Audit logging. All administrative actions are logged with timestamp, actor, and action type.

Your Rights

  • Data export. Request a full export of your data in portable JSON format at any time.
  • Account deletion. Request account deletion and we will hard-delete all data within 30 days.
  • Security concerns. Contact hello@clarevo.ai for any security questions or to report a vulnerability.

Questions about security?

We are happy to walk through our practices in detail.

Get in touch