Security Features Overview
An overview of ClauseBase's security features is provided below.
GDPR
ClauseBase BVBA is a Belgian legal entity, subject to the strict requirements of the EU General Data Protection Regulation. A privacy statement is separately available at https://legal.clausebase.com/; a list of relevant subcontractors is available at https://legal.clausebase.com/privacy/sub-processors.
Architecture
Our products, such as Clause9 and ClauseBuddy, are single-page applications (SPA) that can only be accessed through a secure (HTTPS) connection, either from a modern standalone browser (Clause9) or as an MS Word or Outlook plugin (ClauseBuddy). The applications rely on client-side JavaScript to interact with centrally hosted data on a single server. Each user’s browser persistently maintains a secured WebSockets connection (wss://…) to the server to allow for real-time interactions; if a user's firewall blocks WebSockets, AJAX polling is used as a fallback. Any time the connection is interrupted, the browser stores the current working session in its memory and then blocks the user from continuing, so as to prevent data loss. All data exchanged between the browser and the server is encrypted, strongly compressed, and protected against Cross-Site Request Forgery (CSRF) attacks.
On the client side, all working data is kept exclusively within the temporary JavaScript environment. The only data that is permanently stored consists of an HMAC (SHA-512) encrypted cookie (less than 100 bytes, expiry after 3 months, to allow for automatic re-connection) and a handful of trivial preference cookies, each typically less than 30 bytes, that store the position of a user’s window layout. Login cookies can be centrally invalidated on a per-user basis, so as to force a new login if user devices or passwords are compromised.
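An added illustration of the login-cookie design described above (not ClauseBase's code): a cookie authenticated with HMAC-SHA-512, a three-month lifetime, and a per-user cut-off that lets the server invalidate every earlier cookie for one user. The key, the field layout and the `invalid_before` store are assumptions; HMAC gives integrity rather than confidentiality, so the payload carries only non-secret fields.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"      # assumption: server-side secret, never sent to clients
MAX_AGE_SECONDS = 90 * 24 * 3600          # roughly the 3-month expiry the page mentions
invalid_before = {}                       # hypothetical store: user id -> revocation timestamp


def _tag(payload: str) -> str:
    """URL-safe base64 of HMAC-SHA-512 over the payload."""
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha512).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()


def issue(user_id: str, now=None) -> str:
    """Build 'user.issued_at.tag' for a user who has just logged in."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}.{issued}"
    return f"{payload}.{_tag(payload)}"


def invalidate(user_id: str, now=None) -> None:
    """Central invalidation: reject every cookie issued up to this moment."""
    invalid_before[user_id] = int(time.time() if now is None else now)


def verify(cookie: str, now=None):
    """Return the user id, or None if the cookie is forged, expired or revoked."""
    now = int(time.time() if now is None else now)
    try:
        user_id, issued_s, tag = cookie.rsplit(".", 2)
    except ValueError:
        return None
    # Check the MAC over the bytes exactly as received, in constant time,
    # before trusting any field.
    expected = _tag(f"{user_id}.{issued_s}")
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    issued = int(issued_s)                # authenticated, so it is a value we wrote
    if now - issued > MAX_AGE_SECONDS:
        return None
    # '<=' also rejects a cookie minted in the same second as the revocation.
    if issued <= invalid_before.get(user_id, -1):
        return None
    return user_id
```

Revocation here costs one timestamp lookup per user, not a list of every issued cookie.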
User & file management
A separate administrator account is created for each customer, to allow for centralized user, template and layout management. For each module, different kinds of access rights (read and/or write) can be set, e.g. on a per-folder basis for file-based modules, per “playbook” for the reviewing module, per “basket” for the clause search module, and so on.
Passwords in Clause9
User passwords must have a minimum of 8 characters, are checked for minimum complexity using Zxcvbn (rejecting common passwords, patterns, …) and are stored in the database as a salted hash (BCrypt combined with SHA-512) to protect against rainbow table attacks. API keys for Clause9 consist of 36 characters and are generated on a per-user basis (password-based key derivation function 2 with Blake2b-512). Logins can optionally be secured, on a per-user basis, by two-factor authentication, using industry-standard one-time password generator apps such as Authy, Microsoft Authenticator or Google Authenticator. After 10 failed login attempts, the user is automatically blocked for an increasing number of minutes, to stall brute-force attacks. It is also possible to connect through SSO via Azure.
Security codes in ClauseBuddy
ClauseBuddy allows login through "security codes": randomly generated codes of 28 characters that cannot be chosen by the user, can be made subject to expiry dates, and can be easily revoked by administrators. It is also possible to connect through SSO via Azure.
Servers
ClauseBase's servers are hosted in the EU (currently Germany), in data centers with ISO certification that are guarded by on-site security guards and biometric readers, are connected with redundant fibre, and have redundant configurations for all critical systems.
Access to servers and systems containing personal data is strictly limited to authorised ClauseBase administrators and is protected by appropriate security measures, including encrypted connections, strong authentication mechanisms, and role-based access controls.
For business continuity and resilience purposes, ClauseBase uses redundancy, backup, and failover mechanisms. Depending on the service configuration and the region of the customer or user, data may be hosted and backed up in different server environments.
ClauseBase has entered into appropriate data processing agreements with its hosting providers and ensures that suitable technical and organisational measures are in place to protect personal data in accordance with applicable data protection law.
Database structure
Each jurisdiction and special combination of templating language receives its own databases and subdomain. Enterprise customers requiring data isolation can request their own dedicated virtual machine and associated custom subdomain. Data at rest is stored on encrypted disk partitions.
Pentest
Pentests are conducted each year by an accredited independent security consultant; the results can be inspected and discussed orally when desired.
Backups
A backup of the entire database is performed on an hourly basis, with an encrypted version of the backup stored by another data centre (even hours) and in principle by Scaleway (odd hours), with offsite keys. To allow for exceptional access to historical versions, most changes to clauses and templates are also stored in a version log that retains data for up to one month. Databases with precedents ("Truffle Hunt") are subject to a separate backup policy, with backups every week. Finally, an offline copy (resistant against ransomware) is created every two weeks. Backups are removed after 6 months.
Data retention
In most typical usage scenarios, data is only temporarily stored: within the JavaScript environment of the embedded browser until the webpage or Word/Outlook add-in is closed; server-side while everything is processing.
LLMs
ClauseBase is not in the business of creating its own AI model, so we do not use your data at all for AI modelling/training/finetuning, and have no plans in this direction. The only LLM-related processing we do with your data is so-called "prompt engineering" in the background, passing on carefully selected fragments of your data to the LLM in order to get an answer. LLMs are chosen per geographical region. The default LLM is Microsoft GPT, hosted by Azure, with the "abuse monitoring exception" activated so that prompts & answers are not stored.
Logging
A central logging solution is installed for log analysis and intrusion, threat & vulnerability detection, with malware detection running on servers and laptops. We closely monitor the MITRE ATT&CK knowledge base. Logs are kept for 18 months.
Additional protection for document automation
Users can optionally store their answers in an encrypted format (ChaCha cipher). With a few limitations, it is possible to generate documents completely on the client-side, for those situations where customers really do not want any client-side sensitive data to ever touch the ClauseBase server. Users can store business data (answers to template questions) on the platform but are strongly advised to only do so on a temporary basis. To facilitate a fine-grained balance between business needs and data security, users can flag folders to automatically delete their contents after a user-defined number of days.
Development
ClauseBase is developed by a tightly controlled team of experienced JVM-targeted developers who take into account best security practices, such as OWASP (SQL attacks, CRLF injections, XSS attacks, enterprise-grade security components, etc.). All ClauseBase staff members use desktop and/or mobile devices with strong encryption. All communication and data storage is done through the highly secure Microsoft O365 environment.
ISO27001
Since September 2023, ClauseBase is ISO27001:2022 certified, covering all controls of the standard. The certificate can be downloaded below:
Updates
December 2025: Updated the text to reflect oncoming changes triggered by the acquisition by LawVu Limited.