🔐Security

Secure from Day 1

ClearFeed is built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.

  • We are SOC2 Type 2 Certified (Report available on request to security@clearfeed.ai)

  • We perform annual application-level penetration tests via an independent third party (Report available on request to security@clearfeed.ai)

  • All customer data is encrypted at rest and in transit, and access is protected behind your enterprise SSO.

Why isn't ClearFeed listed on the Slack Marketplace?

If you install the ClearFeed App on Slack, you will see the following banner before authorizing the app.

You are seeing this message because our app is not listed on the Slack Marketplace.

While there are some technical nuances, at a high level the key issue the Slack Marketplace has raised before it will list the ClearFeed App concerns the storage, on ClearFeed servers, of messages from Slack channels (both public and private) monitored by our app.

We think this is important for us to offer a better experience to support teams:

  • We store these messages on ClearFeed servers so that we can render them on the ClearFeed web app.

  • Support teams use our web app to triage and work on requests across multiple Slack channels from one place. They often review messages that are several months or even years old.

  • This dramatically improves the efficiency of our customers and allows them to serve their customers faster and better

There could be some use cases for ClearFeed (e.g., with integrations) in which we may be able to relax some of the storage constraints and offer a light app on the Slack Marketplace. We are actively working to make these changes on our end and will work with Slack to make this listing possible. We will keep our progress updated here.

We are not available via the Slack Marketplace, but you can safely install the ClearFeed App on your Slack Workspace. The following section gives an overview of security on ClearFeed.

Overview of Security on ClearFeed:

Infrastructure Security

  • Our infrastructure is hosted on AWS in the us-east-1 region across three availability zones.

  • By default, we block all traffic at a network level and only open specific ports as required to deliver the ClearFeed service.

  • Any escalated access to infrastructure requires a VPN or a whitelisted IP with 2-factor authentication.

  • We use AWS GuardDuty to detect unusual traffic and unauthenticated access to our critical systems.

  • Host-based intrusion detection systems are in active use.

Data Encryption

  • All critical data that we store is encrypted at rest and in transit.

Failover and disaster recovery

  • All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over three different availability zones in the us-east-1 AWS region.

  • We have a disaster recovery plan which is reviewed every 6 months and a tabletop exercise is conducted by the management to verify that the plan is up to date.

Inventory and configuration

  • Infrastructure is kept as code using Terraform and other infrastructure-as-code tools, with changes going through a process very similar to the application-level software development process. We make use of separate infrastructure for development, staging, and live environments, with no sharing of data between environments.

Identity and Access Control

  • Access to all of our critical systems requires 2FA to sign in.

  • Access to customer data is limited to authorized employees who require it for operational and maintenance activities.

  • Access to sensitive production data is limited to just the DevOps team.

Monitoring and logging

  • We do extensive monitoring of infrastructure and application performance, which usually allows us to detect issues before many customers experience them.

  • Automated alerts are set up with the help of Sentry. All alerts are acknowledged within 10 minutes.

Penetration Testing

  • We perform annual application-level penetration tests via an independent third party.

  • We aim to fix any discovered critical issues within 2 business days, and high-severity issues within 30 business days.

  • Medium-severity and lower-severity issues are handled as part of ongoing security work.

  • Please email security@clearfeed.ai to get a copy of our penetration testing report.

Incident response

  • ClearFeed implements a protocol for handling security events and other operational issues, including escalation procedures, rapid mitigation, and post-mortems.

  • You can visit our status page to get updates on potential issues, and even subscribe to automatic updates.

Compliance

  • ClearFeed is SOC2 Type 2 compliant.

  • To get a copy of our SOC2 compliance report, please email security@clearfeed.ai.

Data retention

  • By default, ClearFeed stores Slack message data for 60 days (excluding attachments), deleting raw messages after this period. Metadata and perpetual statistics like response times are retained. You can edit the data retention policy.

Terms of Service, Privacy Policies and DPA

Security questions or issues?
