These are frequently asked questions about the privacy and security of our ClickUp AI features. 

Which models are you using and which version?

ClickUp AI is built with ChatGPT-4o and ChatGPT-4.1. ClickUp AI's Deep Search functionality also uses ChatGPT-4.1. Prompts suggested by ClickUp AI, Project Updates, and StandUps use Gemini 2.5 Flash. The Chat GPT and Gemini models integrated with ClickUp AI are the only models that can access your Workspace data using in-context learning.

From ClickUp AI, you can also access selected external large language models (LLMs). When using any of these external models from ClickUp AI, the model cannot access your Workspace data.

For example, you open the external ChatGPT-4.0 model from ClickUp AI and ask: Summarize the Accounting team's progress on the FY26 audit. ChatGPT can't answer you because it can't access your Workspace data.

You ask: What does FY26 mean? ChatGPT answers you with general info about the fiscal year and common examples of how organizations map theirs with the calendar year.

Is my data used to train any AI models?

ClickUp AI is not trained on data from your Workspace. We've secured licensing with our partners to ensure they do not access your data for training purposes. We also have zero data retention agreements with all of the large language model (LLM) organizations we partner with. The agreements require our partners not to retain any data from your Workspace after your data is input and processed through the LLM.

Additionally, we use in-context learning (ICL) to ensure that our models are not learning from data.

What is in-context learning?

In-context learning (ICL) is a technique that allows large language models (LLMs) to generate appropriate responses when given context or examples within a prompt. This shows the model what to do without retraining or fine-tuning the model.

For example, when asked a question like What is our PTO policy? ClickUp AI understands that it should search for PTO-related content in your Workspace. ClickUp AI analyzes the content and provides the most appropriate response. 

This allows ClickUp AI to assist you while never storing information from your Workspace.

Is my data sent to third-party providers outside of ClickUp?

Our AI features sometimes need to share certain data with our partners. When we do need to share data with our partners, we ensure that only the necessary information is sent. Strict agreements with our partners ensure that your data is not used for training or retained in any capacity. It is deleted from their systems as soon as possible.

For more detailed information, take a look at the following resources:

• Our Data Protection Addendum (DPA).
• More information on how ClickUp performs vendor management can be found in Section 4.3. Third Party Services on the Security Policy page.
• You can see our full list of third-party providers on our Subprocessors page.
• Details on the security policies for the primary models used to build ClickUp AI, ChatGPT 4.o and 4.1, are available on OpenAI's website.
• The websites for our external LLM partners can be found on our Subprocessors page.

Does using Connected Search grant ClickUp AI access to the connected applications?

ClickUp AI and Connected Search maintain the strict policies outlined in our Privacy and security article.

Take a look at our Connected Search article to learn more about the specific privacy and security measures we've implemented. 

Are the permissions set for connected applications respected when using Connected Search?

Connected Search respects existing permissions for connected applications. We enforce role-based controls to keep access current and consistent. 

Take a look at our Connected Search article to learn more about the specific privacy and security measures we've implemented. 

How does ClickUp encrypt data?

Take a look at our Privacy and security article to learn more about the specific application security measures we've implemented. 

Is ClickUp GDPR compliant?

All ClickUp plans meet the requirements of the current global data protection legislation, including:

• GDPR (General Data Protection Regulation)
• European Data Protection Legislation
• LGPD (Brazilian General Data Protection Law)
• CCPA (California Consumer Privacy Act of 2018) as amended by the CPRA (California Privacy Rights Act of 2020)
• VCDPA (Virginia Consumer Data Protection Act)

Take a look at our Data Protection Addendum (DPA) to learn more. 

Where is ClickUp hosted?

ClickUp is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and built-in privacy features. 

Take a look at our Data Protection Addendum (DPA) to learn more. 

If a customer's data is hosted in the EU, will the data processed through ClickUp AI on their account also be processed in the EU? 

No. OpenAI, the subprocessor for ClickUp AI integrated with Chat-GPT, is located in the US. The websites for the external LLMs that can be accessed through ClickUp AI can be found on our Subprocessors page.

Who owns the data input into ClickUp AI?

ClickUp customers retain any ownership they have of their data, regardless of whether it is processed through a large language model (LLM) or not. Any data provided by a ClickUp customer that is sent to ClickUp's AI providers is covered by ClickUp's contract with that AI provider. ClickUp's contracts with AI providers prohibit ClickUp customer data from being used to train any AI model or from being retained by that model after processing.

Any other questions specifically about data and ClickUp AI can be answered by our policy, ClickUp AI Additional Terms.

How do you ensure ClickUp AI is secure and consistent?

ClickUp AI undergoes regular internal and external penetration testing to ensure security. We have an automated eval testing framework to ensure the behavior of ClickUp AI remains consistent.

Does ClickUp AI respect the user's role and permissions when responding?

ClickUp AI has two main feature types:

• AskAI refers to manual usage of AI. For example, using our feature, Write with AI, or asking Brain Assistant questions.
  • AskAI has access to the same information as the person using it. AI can't reveal anything that person can't otherwise access.
• AI Autopilot refers to actions configured by someone in your Workspace that happen automatically or autonomously. For example, AI Agents.
  • AI Autopilot agents respond based on their instructions and the knowledge they're given access to when configured. They respond in Channels, tasks, and other ClickUp items and locations as configured.
  • If a user has access to the item or location but not all the agent's knowledge, they might see information in the response that they could not access otherwise. Learn how to configure custom agents and prebuilt agents.

Is ClickUp AI HIPAA compliant?

ClickUp can support HIPAA compliance for Enterprise customers by agreeing to a BAA (Business Associate Agreement). Take a look at the Healthcare use section of ClickUp AI Additional Terms for our PHI (Protected Health Information) policies. ClickUp has BAAs currently in place with all large language models (LLMs) that we support in the ClickUp product.

Is there human monitoring of ClickUp AI for performance and quality of output results?

We monitor daily for performance and reduced likes and dislikes. The only way for our engineers to access traces is when a user clicks the downvote icon on a ClickUp AI response.

Does ClickUp AI provide transparent output through each stage of user interaction?

ClickUp AI's primary purpose is to answer questions within your organization. ClickUp AI provides sources for its answers to questions. This allows users to validate which sources are used to answer the questions.

How is bias detected and mitigated in ClickUp AI?

Bias is mitigated by the underlying provider. Details for ChatGPT integrated into ClickUp AI are available on the OpenAI website.

The bias policies for the external LLMs that can be accessed through ClickUp ClickUp AI can be found on our partner's websites. Our partners' websites are listed on our Subprocessors page.