ClickUp™ | Security Policy

Compliance

End-to-End Security

ClickUp is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and privacy features built in. Our team takes additional proactive measures to ensure a secure infrastructure environment. For additional, more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.

SOC 2 Compliance

Security and trust are integral at ClickUp. We have achieved audit certification for Service Organization Controls (SOC 2) Trust Services Principles, focused on security. Our continued SOC 2 certification ensures our organizational and technology controls are independently audited at least annually. Please contact sales@clickup.com for ClickUp's latest report.

ISO Certifications

ISO 27001:2022 is considered to be the highest international standard of information security as it relates to customer data. Following an extensive audit process the ISO 27001:2022, ISO 27017:2015, and ISO 27018:2019 certifications confirm that ClickUp meets the highest international standards for security, reliability, quality, and trust. These certifications also prove ClickUp commitment to continuously improving its information security posture. Please contact sales@clickup.com for ClickUp's ISO certificates.

ClickUp is proud to be among the first platforms to achieve ISO 42001 certification, the new global standard for Artificial Intelligence Management Systems. This rigorous certification demonstrates our commitment to secure, transparent, and ethical AI practices across all our solutions. By meeting ISO 42001 requirements, ClickUp ensures your organization benefits from AI that is both innovative and compliant. Our certification provides verifiable assurance that your data and workflows are protected by the highest standards in the industry. With ClickUp, you can trust that your AI-powered work is governed responsibly, giving you a competitive edge in today’s digital landscape.

Data Center Security

ClickUp customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.

AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here..

Localized Data Residency

ClickUp customers who are on the Enterprise Plan have the option to host their core Workspace data in ClickUp’s US, European, or Asia Pacific data centers at no additional cost. With ownership over their hosting region, customers can ensure ClickUp meets their data security goals.

ClickUp supports Data Residency through our Amazon Web Services-operated data centers in Ireland (Europe Region), Australia (Asia Pacific Region), Singapore (Asia Pacific Region), and the United States.

Learn more Learn more here.

ClickUp Data Center Locations

Application Security

All ClickUp web application communications are encrypted over TLS 1.2, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions. All data for ClickUp is encrypted at rest using AES-256 encryption.

ClickUp maintains ongoing PCI compliance, abiding by stringent industry standards for storing, processing and transmitting credit card information online.

ClickUp actively monitors ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract a third party for penetration testing.

ClickUp Security team will continue to do everything to keep your data safe and advise you about risks and the availability of fixes here.

Regarding Privacy, you can view our full privacy policy here: https://clickup.com/terms/privacy For more information on ClickUp's Security Policy please see https://clickup.com/terms/security-policy

Encryption at Rest

Two-factor Authentication

Google SSO BUSINESS

Infrastructure Security

ClickUp's infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete data and access segregation, firewall protection, and other security features.

AI Security and Privacy

Improving the way you work

ClickUp AI is a comprehensive suite of conversational, contextual, and role-based AI features seamlessly integrated throughout the ClickUp platform. Use these AI features to connect your organization's people, work, and knowledge.

See how ClickUp and AI can revolutionize the way you work.

Your data is your own

ClickUp's AI partners are prohibited from using your data for training their models. ClickUp AI operates using in-context learning (ICL), which allows AI models to generate responses based on the immediate prompt context without permanently storing Workspace information. This means zero third-party data retention.

Proof of Our Commitment

Security you can trust

ClickUp permissions extend to ClickUp's AI features. If a user is using Brain Assistant, it cannot reveal anything that the user can't access themselves. AI Agents respect user permissions and can only see or act on what they have been given access to.

Full Transparency

We aim to make it easy for you to learn about how we protect and manage your data while using ClickUp AI:

We answer your most common AI privacy and security questions in our AI Security FAQ.

Read up on the ClickUp AI Additional Terms here.

No third-party data training

We forbid third-party AI providers from training on your data.

Zero third-party data retention

We don't allow third-party AI providers to store any of your data.

The best AI model always

We automatically test and choose the best AI model for each task.

Security