Security

Your data, protected

Last updated: 19 February 2026

Our approach

Security isn't an afterthought at Clawwell — it's foundational. We handle sensitive professional data every day, and we treat that responsibility seriously. Our systems are designed to protect your information at every layer.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Conversations between you and your assistant are encrypted end-to-end through our infrastructure. We never store messages in plaintext.

Infrastructure

Clawwell runs on enterprise-grade, ISO 27001 certified cloud infrastructure. Our servers are hosted in secure data centres with physical access controls, redundant power, and 24/7 monitoring.

• Isolated compute environments for each customer
• Automated security patching and updates
• Geographic redundancy for high availability
• Regular backups with encrypted storage

Access controls

We operate on the principle of least privilege. Access to production systems is restricted to authorised personnel only, protected by multi-factor authentication and time-limited credentials. All access is logged and audited.

AI model security

Your conversations are processed by best in class AI models to power your assistant. We never use your data to train or fine-tune AI models. Your professional data stays yours — it is used only to respond to your requests in real time.

Data handling

• We never sell your data to third parties
• We never share data for marketing purposes
• Conversation data is retained only for the duration of your subscription
• Data is deleted within 90 days of account closure
• You can request a full export or deletion at any time

Testing and auditing

We conduct regular penetration testing and vulnerability assessments. Our codebase undergoes security reviews, and we maintain an incident response plan that is tested and updated regularly.

Compliance

Clawwell processes data in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

For more details, see our Privacy Policy and GDPR page.

Responsible disclosure

If you discover a security vulnerability, please report it responsibly to security@clawwell.com. We take all reports seriously and will respond promptly.

Questions

For security-related enquiries, contact us at security@clawwell.com.