Security & data protection

ISO 27001 certified

ISO 27001:2022

ClauseBase is ISO 27001:2022 certified. 

Download the certificate.

Data center

Dedicated server @Hetzner

ClauseBase uses production Linux servers hosted by the German hosting company Hetzner, with whom a formal GDPR data processing agreement is concluded. The servers are physically located in the German data center.

This data center runs 100% on wind and hydropower, has ISO certification (audit report available on request), is guarded by on-site security guards, biometric readers, connected with redundant fibre, and has redundant configurations for all critical systems. The servers can only be accessed by ClauseBase administrators, through an encrypted VPN connection secured with a strong password.

Secondary backup storage @Scaleway

Additionally, we use cloud servers from French hosting provider Scaleway in Parisfor encrypted storage of hourly database backups.

Its data centers run 100% on renewable energy, have several ISO security certifications (ISO 27001), and have state-of-the-art security and redundancy.


The entire database cluster is backed up on a daily basis in the datacentre.

In addition, the databases used by ClauseBase are backed up on an hourly basis, encrypted with offsite keys, and then sent to two different data centers (France and another city in Germany), operated by different hosting providers. In addition, on a two-weekly basis, offsite copies are taken. To allow for exceptional access to historical versions, most changes to clauses and templates are stored in a version-log that retains data for up to one month.


The uptime of all our public servers isavailable at Private instances for specific clients receive their own status page.

Secure software architecture

Data minimisation by design
  • ClauseBase primarily stores clauses and template, which only exceptionally contain confidential data. 

  • ClauseBuddy and Clause9 do not provide facilities to manage existing contracts, as typical contract management solutions offer.

  • The platform performs strikes a logging balance between security requirements (where maximal logging is generally recommended) and personal data protection (where the minimally feasible amount of logging is preferred).

Single Page Application

ClauseBase uses a single-page application (SPA) architecture that can only be accessed through a secure (HTTPS) connection, either a modern standalone browser, or as an MS Word or Outlook plugin. The application relies on JavaScript at client-side to interact with the central server.


All data exchanged between the browser and the server is encrypted, strongly compressed, and protected against Cross-Site Request Forgery (CSRF) attacks.

Secure Websockets

A secured WebSockets connection (wss://…) to the server is persistently maintained by each user’s browser, to allow for real-time interactions; if a user's firewall blocks Websockets, then AJAX polling is used as a fallback.

Any time the connection is interrupted, the browser will store the current working session in its memory, and then block the user from continuing, so as to prevent data loss.

Data retention

In most typical usage scenarios (question & answer templates), any business data inserted into templates is only kept within the JavaScript environment of the client-side browser. When a .PDF or .DOCX file is generated by the server, any such business data sent to the server using the secure WebSockets-connection is deleted from the server environment in a period between 60 – 120 seconds after the file was generated.

Client-side storage

At client side, all working data is exclusively kept within the temporary JavaScript environment. The only data that is permanently stored consists of an HMAC (SHA-512) encrypted cookie (less than 100 bytes, expiry after 3 months, to allow for automatic re-connection) and a handful of trivial preference cookies, each typically less than 30 bytes, that for example store the position of a user’s window layout.

Login cookies can be centrally invalidated on a per-user basis, so as to force a new login if user devices or passwords would be compromised.


We have installed a SIEM & XDR solution for log analysis and intrusion, threat & vulnerability detection, with agents running on our dedicated server and all our laptops. We closely monitor the MITRE ATT&CK knowledge base.

On-premise hosting

The Enterprise version of the ClauseBase platform can optionally be installed on-premise, for customers that require exceptional levels of confidentiality. 

Authentication & authorisation

Password management

User passwords must have a minimum of 8 characters, are checked for minimum complexity using Zxcvbn (rejecting common passwords, patterns, …) and are stored in the database with a salted hash (BCrypt combined with SHA-512) against rainbow table attacks. API-keys consist of 36 characters are generated on a per-user basis (password-based key derivation function 2 with Blake2b-512).


Logins are optionally, on a per-user basis, secured by two-factor authentication (2FA), using industry-standard one- time password generator apps, such as Authy, Microsoft Authenticator or Google Authenticator. After 10 failed login attempts, the user will be automatically blocked for an increasing number of minutes, to stall brute-force attacks. It is also possible to connect through SSO (Azure).

Single Sign On (SSO)

ClauseBase allows customers with Office & Enterprise subscriptions to allow users to login through Azure Single Sign-On (SSO), for both Clause9 and ClauseBuddy.

Access rights

Granular access rights can be imposed on all clauses and documents, to reflect your working practices.

This allows you to, for example, give all lawyers access to all content, across all departments. Or perhaps you want to segment access per department? Maybe grant access to lawyers in cross-departmental industry groups?

GDPR compliance

About ClauseBase

ClauseBase BV is a Belgian legal entity, subject to the strict requirements of the EU General Data Protection Regulation.

We publish an entire separate website relating to data protection and legal compliance.

Data protection law at heart

Both founders of the company are former lawyers specialised in EU data protection. It goes without saying that the entire product was built from the ground up to comply with the GDPR.

Going beyond geographical data storage

ClauseBase goes beyond what the GDPR requires. 

We not only avoid storing personal data outside the EU, but also actively avoid service providers established outside the EU, with the exception of Microsoft (for our internal O365 accounts) and Apple (for our laptops and smartphones).

Data protection features in our products
  • Any folder can be set to automatically delete its sensitive contents after a customisable period of time.

  • Generated .DOCX and .PDF files are very short-lived on our servers (between 60 and 120 seconds — essentially the time required to safely download these documents).

  • We provide you with the possibility to generate DOCX and PDF files completely within the end-user’s browser, so data protection legislation won’t even apply.

  • Users can optionally store their answers in an encrypted format (ChaCha cipher).

  • Backups are encrypted and stored on servers in a different data center.