Compliance and General Protection Data Regulation (GDPR)

ClickUp's utmost priority is your security and privacy. We're leading the industry with our privacy standards, ensuring that your data is never used for third-party profit or distribution of any kind. 

Additionally, we employ some of the leading security experts, researchers, and cyber security firms to ensure our systems and databases adhere to the highest possible quality standards.
Read more about our latest security and compliance features in our security statement:

GDPR (General Protection Data Regulation) compliance 

The General Data Protection Regulation (GDPR) is a European Union regulation designed to improve the data security and privacy of European citizens. As of April 4, 2018, ClickUp released an update that ensures full compliance with the new GDPR regulation. This means you can fully export your data as well as request to delete all data for your team. To initiate GDPR account deletion, please email customer support at
We’ve ensured our vendors and subprocessors are fully compliant with GDPR and the requirements it contains. We have performed due diligence and contracted Data Processing Agreements with all of our subprocessors. 

Encryption at rest

All data is held at the utmost security standards including encryption in transit as well as at rest. 

HIPAA compliance

If you need a BAA agreement, you'll need to upgrade to the Enterprise plan. Due to the regulatory and legal costs, BAA agreements are only issued for Enterprise users. Please contact with any questions.

SOC 2 compliance

We have achieved audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification ensures our organizational and technical controls are independently audited at least annually. Please contact for ClickUp's latest report.

Was this article helpful?