Privacy and security

ClickUp has one of the strictest privacy and security policies in our industry. 

Privacy Policy

Your privacy is extremely important to us. 

To learn more, read our full privacy policy.

Security policy

Keeping our clients' data secure is the absolute top priority at ClickUp. Our goal is to provide a secure environment, while also being mindful of application performance and the overall user experience.

  • ClickUp is hosted entirely on Amazon Web Services (AWS), providing a built-in suite of security and privacy features.
  • Our team takes additional proactive measures to ensure a secure infrastructure environment. 
  • We've achieved SOC 2 compliance and ISO certifications. 

To learn more, read our full security policy

AWS Web Services

AWS maintains an impressive list of reports, certifications, and third-party assessments to ensure complete and ongoing state-of-the-art data center security. AWS infrastructure is housed in Amazon-controlled data centers throughout the world.

To learn more, visit the AWS Cloud Security page:

Infrastructure security

ClickUp's infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses, and other security features.

SOC 2 compliance

We have achieved audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification ensures our organizational and technology controls are independently audited at least annually.

Contact for ClickUp's latest report.

ISO certifications

Following an extensive audit process the ISO 27001, ISO 27017, and ISO 27018 certifications confirm that ClickUp meets the highest international standards for security, reliability, quality, and trust. These certifications also prove ClickUp's commitment to continuously improving its information security posture.

Contact for ClickUp's ISO certificates.

Application security

All ClickUp web application communications are encrypted over TLS 1.2, which cannot be viewed by a third party. This is the same level of encryption used by banks and financial institutions. All data for ClickUp is encrypted at rest using AES 256 encryption.

ClickUp maintains ongoing PCI compliance, abiding by stringent industry standards for storing, processing, and transmitting credit card information online.

ClickUp actively monitors ongoing security, performance, and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract an independent third party for penetration testing.

Third-party applications and data protection

ClickUp performs security vendor reviews on all third parties in use.

To learn more, read our Data Protection Addendum (DPA) and take a look at our list of subprocessors.


ClickUp AI 

To learn more, see ClickUp AI models, privacy, and security.

Log in notifications

If you're not using SSO or Google sign in, ClickUp will send you an email every time you log in.

The email will include the following information about your log in:

  • Date and time
  • Email used to log in
  • IP address
  • Location

Was this article helpful?