Security

Secure from Day 1

ClearFeed is built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.

We are SOC2 Type 2 Certified (Report available on request to security@clearfeed.ai)
We are GDPR Compliant
We perform annual application-level penetration tests via an independent third party (Report available on request to security@clearfeed.ai)
All customer data is encrypted at rest and in transit, and access is protected behind your enterprise SSO.

Why isn't ClearFeed listed on the Slack Marketplace?

If you install the ClearFeed App on Slack, you will see the following banner before authorizing the app.

Our application for the Slack Marketplace is currently under review and we are actively working with the team at Slack to get ClearFeed listed. We will post the progress here as we get better visibility.

But you can safely install the ClearFeed App on your Slack Workspace. The following section details an overview of Security on ClearFeed.

Overview of Security on ClearFeed:

Infrastructure Security

Our infrastructure is hosted on AWS in the us-east-1 region across three availability zones.
By default, we block all traffic at a network level and only open specific ports as required to deliver the ClearFeed service.
Any escalated access to infrastructure requires a VPN or a whitelisted IP with 2-factor authentication.
We use AWS GuardDuty to detect unusual traffic and unauthenticated access to our critical systems.
Host-based intrusion detection systems are in active use.

Data Encryption

All critical data that we store is encrypted at rest and in transit.

Failover and disaster recovery

All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over three different availability zones in the us-east-1 AWS region.
We have a disaster recovery plan which is reviewed every 6 months and a tabletop exercise is conducted by the management to verify that the plan is up to date.

Inventory and configuration

Identity and Access Control

Access to all of our critical systems requires 2FA authentication to sign in.
Access to customer data is limited to authorized employees who require it for operational and maintenance activities.
Access to sensitive production data is limited to just the DevOps team.

Monitoring and logging

We do extensive monitoring of infrastructure and application performance, which usually allows us to detect issues before many customers experience them.

Penetration Testing

We perform annual application-level penetration tests via an independent third party.
We aim to fix any discovered critical issues within 2 business days, and high-severity issues within 30 business days.
Medium-severity and lower-severity issues are handled as part of ongoing security work.

Incident response

ClearFeed implements a protocol for handling security events and other operational issues, including escalation procedures, rapid mitigation, and post-mortems.

User Consent

We rigorously adhere to GDPR requirements, ensuring that all data processing activities meet the highest standards of security, transparency, and user consent mandated by EU regulations.
We obtain explicit consent from users before utilizing cookies, ensuring full compliance with GDPR guidelines.

Compliance

ClearFeed is SOC2 Type 2 compliant and GDPR compliant.

Data retention

By Default, ClearFeed stores Slack message data for 60 days (excluding attachments), deleting raw messages after this period. Metadata and perpetual statistics like response times are retained. You can edit the data retention policy

Terms of Service, Privacy Policies and DPA

Our standard policies are listed on our public website:
All our Enterprise product editions support customer DPA, Terms of Service, and Security Reviews. You can reach out to us at security@clearfeed.ai for these reviews.

Security questions or issues?

PreviousGPT-Powered Answers NextCollections

Last updated 10 months ago

Was this helpful?

ClearFeed is built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.

We are SOC2 Type 2 Certified (Report available on request to security@clearfeed.ai)
We are GDPR Compliant
We perform annual application-level penetration tests via an independent third party (Report available on request to security@clearfeed.ai)
All customer data is encrypted at rest and in transit, and access is protected behind your enterprise SSO.

Why isn't ClearFeed listed on the Slack Marketplace?

If you install the ClearFeed App on Slack, you will see the following banner before authorizing the app.

Our application for the Slack Marketplace is currently under review and we are actively working with the team at Slack to get ClearFeed listed. We will post the progress here as we get better visibility.

But you can safely install the ClearFeed App on your Slack Workspace. The following section details an overview of Security on ClearFeed.

Overview of Security on ClearFeed:

Infrastructure Security

Our infrastructure is hosted on AWS in the us-east-1 region across three availability zones.
By default, we block all traffic at a network level and only open specific ports as required to deliver the ClearFeed service.
Any escalated access to infrastructure requires a VPN or a whitelisted IP with 2-factor authentication.
We use AWS GuardDuty to detect unusual traffic and unauthenticated access to our critical systems.
Host-based intrusion detection systems are in active use.

Data Encryption

All critical data that we store is encrypted at rest and in transit.

Failover and disaster recovery

All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over three different availability zones in the us-east-1 AWS region.
We have a disaster recovery plan which is reviewed every 6 months and a tabletop exercise is conducted by the management to verify that the plan is up to date.

Inventory and configuration

Infrastructure is kept as code using , and other infrastructure-as-code tools with changes going through a process very similar to the application-level software development process. We make use of separate infrastructure for development, staging, and live environments, with no sharing of data between environments.

Identity and Access Control

Access to all of our critical systems requires 2FA authentication to sign in.
Access to customer data is limited to authorized employees who require it for operational and maintenance activities.
Access to sensitive production data is limited to just the DevOps team.

Monitoring and logging

We do extensive monitoring of infrastructure and application performance, which usually allows us to detect issues before many customers experience them.
Automated alerts are set up with the help of . All alerts are acknowledged within 10 minutes.

Penetration Testing

We perform annual application-level penetration tests via an independent third party.
We aim to fix any discovered critical issues within 2 business days, and high-severity issues within 30 business days.
Medium-severity and lower-severity issues are handled as part of ongoing security work.
Please email to get a copy of our penetration testing report.

Incident response

ClearFeed implements a protocol for handling security events and other operational issues, including escalation procedures, rapid mitigation, and post-mortems.
You can visit our to get updates on potential issues, and even subscribe to automatic updates.

User Consent

We rigorously adhere to GDPR requirements, ensuring that all data processing activities meet the highest standards of security, transparency, and user consent mandated by EU regulations.
We obtain explicit consent from users before utilizing cookies, ensuring full compliance with GDPR guidelines.

Compliance

ClearFeed is SOC2 Type 2 compliant and GDPR compliant.
To get a copy of our SOC2 compliance report, please email .

Data retention

By Default, ClearFeed stores Slack message data for 60 days (excluding attachments), deleting raw messages after this period. Metadata and perpetual statistics like response times are retained. You can edit the data retention policy
You can read more about data retention and how to set custom policies from the ClearFeed web app:

Terms of Service, Privacy Policies and DPA

Our standard policies are listed on our public website:
- Terms of Service -
- Privacy Policy -
- DPA:
All our Enterprise product editions support customer DPA, Terms of Service, and Security Reviews. You can reach out to us at security@clearfeed.ai for these reviews.

Security questions or issues?

If you think you may have found a security vulnerability within ClearFeed, please .

Infrastructure is kept as code using , and other infrastructure-as-code tools with changes going through a process very similar to the application-level software development process. We make use of separate infrastructure for development, staging, and live environments, with no sharing of data between environments.

Automated alerts are set up with the help of . All alerts are acknowledged within 10 minutes.

Please email to get a copy of our penetration testing report.

You can visit our to get updates on potential issues, and even subscribe to automatic updates.

To get a copy of our SOC2 compliance report, please email .

You can read more about data retention and how to set custom policies from the ClearFeed web app:

Terms of Service -

Privacy Policy -

DPA:

If you think you may have found a security vulnerability within ClearFeed, please .

Terraform

Sentry

security@clearfeed.ai

status page

security@clearfeed.ai

https://clearfeed.ai/tos

https://clearfeed.ai/privacy-policy

https://clearfeed.ai/dpa

get in touch with our security team

#data-retention-policy-and-settings