Search

Privacy and security

ClickUp has one of the strictest privacy and security policies in our industry.

Every ClickUp feature is covered by the policies outlined in this article. 

Privacy Policy

Your privacy is extremely important to us. 

To learn more, read our full privacy policy

Security policy

Keeping our clients' data secure is the absolute top priority at ClickUp. Our goal is to provide a secure environment, while also being mindful of application performance and the overall user experience.

  • ClickUp is hosted entirely on Amazon Web Services (AWS), providing a built-in suite of security and privacy features.
  • We've achieved SOC 2 compliance and ISO certifications. 
  • We have PCI DSS compliance.
  • We contract a third party for penetration testing.
  • We support a bug bounty program.

To learn more, read our full security policy

AWS Web Services

AWS maintains an impressive list of reports, certifications, and third-party assessments to ensure complete and ongoing state-of-the-art data center security. AWS infrastructure is housed in Amazon-controlled data centers throughout the world.

To learn more, visit the AWS Cloud Security page: https://aws.amazon.com/security/.

Infrastructure security

ClickUp's infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses, and other security features.

SOC 2 compliance

We have achieved audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification ensures our organizational and technology controls are independently audited at least annually.

Contact sales@clickup.com for ClickUp's latest report.

ISO certifications

Following an extensive audit process the ISO 27001, ISO 27017, and ISO 27018 certifications confirm that ClickUp meets the highest international standards for security, reliability, quality, and trust. These certifications also prove ClickUp's commitment to continuously improving its information security posture.

Contact sales@clickup.com for ClickUp's ISO certificates.

Application security

Data is encrypted both at rest and in transit to prevent unauthorized access.

Data in transit is encrypted with TLS 1.2+, which cannot be viewed by a third party. Data at rest is encrypted using AES 256. ClickUp leverages AWS KMS for key management.

ClickUp maintains ongoing PCI compliance, abiding by stringent industry standards for storing, processing, and transmitting credit card information online.

ClickUp actively monitors ongoing security, performance, and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract an independent third party for penetration testing.

Third-party applications and data protection

ClickUp performs security vendor reviews on all third parties in use.

To learn more, read our Data Protection Addendum (DPA) and take a look at our list of subprocessors.

Log in notifications

If you're not using SSO or Google sign in, ClickUp will send you an email every time you log in.

The email will include the following information about your login:

  • Date and time
  • Email used to log in
  • IP address
  • Location

Was this article helpful?