Security & data protection

Data center

Dedicated physical server @Hetzner

ClauseBase uses a dedicated (non-cloud) production Linux server, hosted by the German hosting company Hetzner, with whom a formal GDPR data processing agreement is concluded. The server is physically located in the Helsinki data center.

This data center runs 100% on wind and hydropower, is ISO certified (audit report available on request), is guarded by on-site security guards and biometric readers, is connected via redundant fibre, and has redundant configurations for all critical systems. The server can only be accessed by ClauseBase administrators, through an encrypted VPN connection secured with a strong password.

Secondary storage @Upcloud

Additionally, we use cloud servers from the Finnish hosting provider Upcloud (Madrid and Frankfurt), physically located in data centers operated by InterXion, for SSO connectivity and for encrypted storage of hourly database backups.

Both data centers run 100% on renewable energy, have several ISO security certifications (ISO 27001 and ISO 22301), and have state-of-the-art security and redundancy.

Backups

The entire database cluster is backed up on a daily basis, encrypted with offsite keys, and then sent to two different data centers (Frankfurt and Falkenstein, both in Germany), operated by different hosting providers.

In addition, the databases used by ClauseBase are backed up on an hourly basis. To allow for exceptional access to historical versions, most changes to clauses and templates are stored in a version-log that retains data for up to one month.

Uptime

The uptime of all our public servers is available at status.clausebase.com. Private instances for specific clients receive their own status page.

Secure software architecture

Single Page Application

ClauseBase uses a single-page application (SPA) architecture that can only be accessed through a secure (HTTPS) connection, either from a modern standalone browser or as an MS Word or Outlook plugin. The application relies on client-side JavaScript to interact with the central server.

Secure Websockets

A secured WebSockets connection (wss://…) to the server is persistently maintained by each user's browser, to allow for real-time interactions; if a user's firewall blocks WebSockets, AJAX polling is used as a fallback.

Any time the connection is interrupted, the browser will store the current working session in its memory, and then block the user from continuing, so as to prevent data loss.

CSRF

All data exchanged between the browser and the server is encrypted, strongly compressed, and protected against Cross-Site Request Forgery (CSRF) attacks.

Client-side storage

At client side, all working data is exclusively kept within the temporary JavaScript environment. The only data that is permanently stored consists of an HMAC (SHA-512) signed login cookie (less than 100 bytes, expiring after 3 months, to allow for automatic re-connection) and a handful of trivial preference cookies, each typically less than 30 bytes, that for example store the position of a user's window layout.

Login cookies can be centrally invalidated on a per-user basis, so as to force a new login if user devices or passwords would be compromised.
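As an added illustration of the cookie scheme described above (example code, not ClauseBase's own implementation): a login cookie made of a user id, a per-user session generation counter and an expiry, authenticated with an HMAC-SHA512 tag and encoded as 64 base64url characters, so it stays under 100 bytes. The server key, the user id 1001 and the `session_generation` table are constructed assumptions; bumping a user's generation is what makes central, per-user invalidation possible.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret (assumption); a real deployment loads it from a secrets store.
SERVER_KEY = b"constructed-demo-key-do-not-use-in-production"

# Hypothetical per-user session generation counter. Bumping it centrally
# invalidates every cookie issued to that user without touching any client.
session_generation = {1001: 1}

COOKIE_LIFETIME = 90 * 24 * 3600  # about three months, as the page states
TAG_LEN = 32  # HMAC-SHA512 output truncated to 256 bits keeps the cookie small


def issue_cookie(user_id, now=None):
    """Return a base64url login cookie: user id, generation, expiry and HMAC tag."""
    now = int(time.time()) if now is None else now
    payload = struct.pack(">IIQ", user_id, session_generation[user_id], now + COOKIE_LIFETIME)
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha512).digest()[:TAG_LEN]
    return base64.urlsafe_b64encode(payload + tag).decode("ascii")


def verify_cookie(cookie, now=None):
    """Return the user id if the cookie is authentic, unexpired and not revoked, else None."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.urlsafe_b64decode(cookie.encode("ascii"))
    except ValueError:
        return None
    if len(raw) != 16 + TAG_LEN:
        return None
    payload, tag = raw[:16], raw[16:]
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha512).digest()[:TAG_LEN]
    # Check the tag first, in constant time, before trusting any field in the payload.
    if not hmac.compare_digest(tag, expected):
        return None
    user_id, generation, expiry = struct.unpack(">IIQ", payload)
    if now >= expiry or session_generation.get(user_id) != generation:
        return None
    return user_id


def revoke_all_sessions(user_id):
    """Central invalidation: every cookie issued to user_id stops verifying."""
    session_generation[user_id] = session_generation.get(user_id, 0) + 1
```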

Data retention

In most typical usage scenarios (question & answer templates), any business data inserted into templates is only kept within the JavaScript environment of the client-side browser. When a .PDF or .DOCX file is generated by the server, any such business data sent to the server over the secure WebSockets connection is deleted from the server environment between 60 and 120 seconds after the file was generated.

Logging

We have installed a SIEM & XDR solution for log analysis and for intrusion, threat & vulnerability detection, with agents running on our dedicated server and on all our laptops. We closely monitor the MITRE ATT&CK knowledge base. We will be deploying Apple's MDM solution in Q1 2023.

Authentication & authorisation

Password management

User passwords must have a minimum of 8 characters, are checked for minimum complexity using zxcvbn (rejecting common passwords, patterns, …) and are stored in the database as a salted hash (bcrypt combined with SHA-512), which protects against rainbow table attacks. API keys consist of 36 characters and are generated on a per-user basis (password-based key derivation function 2 with Blake2b-512).

Logins

Logins are optionally, on a per-user basis, secured by two-factor authentication (2FA), using industry-standard one-time password generator apps such as Authy, Microsoft Authenticator or Google Authenticator. After 10 failed login attempts, the user is automatically blocked for an increasing number of minutes, to stall brute-force attacks. It is also possible to connect through SSO (e.g., Azure and Okta).
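The escalating lockout described above, as an added example that is not ClauseBase's own code: a per-user counter that blocks the account after the 10th consecutive failure and lengthens the block on every further failure. The schedule (1 minute, doubling, capped at one day) and the rule that attempts made during a block are refused without being counted are assumptions, since the page only says the block lasts "an increasing number of minutes".

```python
import time

# Assumed schedule (the page gives only "increasing number of minutes"): the 10th
# consecutive failure blocks the account for 1 minute and each further failure
# doubles the block, capped at one day.
FAILURE_THRESHOLD = 10
BASE_BLOCK_SECONDS = 60
MAX_BLOCK_SECONDS = 24 * 3600


class LoginThrottle:
    """Per-user consecutive-failure counter with an escalating block window."""

    def __init__(self):
        self._failures = {}       # user -> consecutive failed attempts
        self._blocked_until = {}  # user -> unix time at which the block ends

    def block_remaining(self, user, now=None):
        now = time.time() if now is None else now
        return max(0, self._blocked_until.get(user, 0) - now)

    def record_failure(self, user, now=None):
        """Count a failure; return the block length applied in seconds (0 if none)."""
        now = time.time() if now is None else now
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count < FAILURE_THRESHOLD:
            return 0
        block = min(BASE_BLOCK_SECONDS * 2 ** (count - FAILURE_THRESHOLD), MAX_BLOCK_SECONDS)
        self._blocked_until[user] = now + block
        return block

    def record_success(self, user):
        self._failures.pop(user, None)
        self._blocked_until.pop(user, None)


def attempt_login(throttle, user, password_ok, now=None):
    """Gate one login attempt: refuse while blocked (even a correct password),
    escalate on failure, reset the counter only on success."""
    now = time.time() if now is None else now
    if throttle.block_remaining(user, now) > 0:
        return "blocked"   # attempts during a block are neither counted nor honoured
    if password_ok:
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user, now)
    return "failed"
```

Refusing a correct password while the block is active is deliberate: otherwise the attacker gets an oracle for the right guess even while "blocked".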

Single Sign On (SSO)

ClauseBase allows customers with Office & Enterprise subscriptions to let users log in through Single Sign-On (SSO). We currently support Microsoft Azure, Okta, OneLogin, Salesforce and Google SAML.

Access rights

Granular access rights can be imposed on all clauses and documents, to reflect your working practices.

This allows you to, for example, give all lawyers access to all content, across all departments. Or perhaps you want to segment access per department? Maybe grant access to lawyers in cross-departmental industry groups?

GDPR compliance

About ClauseBase

ClauseBase BV is a Belgian legal entity, subject to the strict requirements of the EU General Data Protection Regulation. A privacy statement is separately available; a list of relevant subcontractors is also available.

Data protection law at heart

Both founders of the company are former lawyers specialised in EU data protection. It goes without saying that the entire product was built from the ground up to comply with the GDPR.

Going beyond geographical data storage

ClauseBase goes beyond what the GDPR requires. 

We not only avoid storing personal data outside the EU, but also actively avoid service providers established outside the EU, with the exception of Microsoft (for our internal O365 accounts) and Apple (for our laptops and smartphones).

Data protection features in our products
  • Any folder can be set to automatically delete its sensitive contents after a customisable period of time.

  • Generated .DOCX and .PDF files are very short-lived on our servers (between 60 and 120 seconds — essentially the time required to safely download these documents).

  • We provide you with the possibility to generate DOCX and PDF files completely within the end-user’s browser, so data protection legislation won’t even apply.

  • Users can optionally store their answers in an encrypted format (ChaCha cipher).

  • Backups are encrypted and stored on servers in a different data center.