🔐Security

Secure from Day 1

ClearFeed is built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.

  • We are SOC2 Type 2 Certified (Report available on request to security@clearfeed.ai)

  • We perform annual application-level penetration tests via an independent third party (Report available on request to security@clearfeed.ai)

  • All customer data is encrypted at rest and in transit, and access is protected behind your enterprise SSO.

Why isn't ClearFeed listed on the Slack Marketplace?

If you install the ClearFeed App on Slack, you will see the following banner before authorizing the app.

Our application for the Slack Marketplace is currently under review and we are actively working with the team at Slack to get ClearFeed listed. We will post the progress here as we get better visibility.

You can still safely install the ClearFeed App on your Slack Workspace. The following section gives an overview of security on ClearFeed.

Overview of Security on ClearFeed:

Infrastructure Security

  • Our infrastructure is hosted on AWS in the us-east-1 region across three availability zones.

  • By default, we block all traffic at a network level and only open specific ports as required to deliver the ClearFeed service.

  • Any escalated access to infrastructure requires a VPN or a whitelisted IP with 2-factor authentication.

  • We use AWS GuardDuty to detect unusual traffic and unauthenticated access to our critical systems.

  • Host-based intrusion detection systems are in active use.

Data Encryption

  • All critical data that we store is encrypted at rest and in transit.

Failover and disaster recovery

  • All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over three different availability zones in the us-east-1 AWS region.

  • We have a disaster recovery plan which is reviewed every 6 months and a tabletop exercise is conducted by the management to verify that the plan is up to date.

Inventory and configuration

  • Infrastructure is kept as code using Terraform and other infrastructure-as-code tools, with changes going through a process very similar to the application-level software development process. We make use of separate infrastructure for development, staging, and live environments, with no sharing of data between environments.

Identity and Access Control

  • Access to all of our critical systems requires 2FA to sign in.

  • Access to customer data is limited to authorized employees who require it for operational and maintenance activities.

  • Access to sensitive production data is limited to just the DevOps team.

Monitoring and logging

  • We do extensive monitoring of infrastructure and application performance, which usually allows us to detect issues before many customers experience them.

  • Automated alerts are set up with the help of Sentry. All alerts are acknowledged within 10 minutes.

Penetration Testing

  • We perform annual application-level penetration tests via an independent third party.

  • We aim to fix any discovered critical issues within 2 business days, and high-severity issues within 30 business days.

  • Medium-severity and lower-severity issues are handled as part of ongoing security work.

  • Please email security@clearfeed.ai to get a copy of our penetration testing report.

Incident response

  • ClearFeed implements a protocol for handling security events and other operational issues, including escalation procedures, rapid mitigation, and post-mortems.

  • You can visit our status page to get updates on potential issues, and even subscribe to automatic updates.

Compliance

  • ClearFeed is SOC2 Type 2 compliant.

  • To get a copy of our SOC2 compliance report, please email security@clearfeed.ai.

Data retention

  • By default, ClearFeed stores Slack message data for 60 days (excluding attachments), deleting raw messages after this period. Metadata and perpetual statistics like response times are retained. You can edit the data retention policy.

Terms of Service, Privacy Policies and DPA

Security questions or issues?
