Back to CLIQK

Trust & Security

Your data is your advantage. We treat it that way. Every engagement includes commercial-grade data handling as standard practice.

Every Engagement

Standard Practices

These commitments apply to every client engagement, regardless of scope or size.

No AI Model Training

Client data is never used to train, fine-tune, or improve AI models. This is guaranteed through contractual commitments with every sub-processor—not opt-out toggles or preference settings.

Segregated Environments

Every client engagement operates in its own isolated environment. Your data is never mixed with another client's information, and access is limited to the engagement team.

Commercial-Grade Infrastructure

All tools that process client data operate under Data Processing Agreements with no-training guarantees and are backed by SOC 2 Type II and ISO 27001 certifications. We do not use consumer-tier products for client work.

Encryption in Transit and at Rest

Data is encrypted across every layer—TLS in transit, full-disk encryption on our devices, and provider-level encryption at rest across all cloud infrastructure.

Available on Request

Enhanced Controls

Additional controls available for engagements with elevated compliance or regulatory requirements.

Written Deletion Certification

Formal written confirmation at engagement close that all client data has been removed from our systems, including local devices, cloud tools, and sub-processor infrastructure.

Incident Notification SLA

Documented incident response process with defined notification windows. Covers detection, containment, assessment, client notification, and remediation.

Zero Data Retention

Sub-processor configuration where data is not stored at rest after processing. Available for engagements with heightened sensitivity requirements.

Custom Retention Schedules

Defined data retention periods agreed in writing, with deletion timelines tailored to your compliance and operational requirements.

Principles We Follow

Our data handling is built on internationally recognized privacy principles, applied as a baseline to every engagement.

Purpose Limitation

Client data is used only for the stated engagement scope. No secondary use.

Data Minimization

We collect and process only what the engagement requires. We don't request access beyond the scope of work.

Storage Limitation

Data is retained only for the duration of the engagement. We don't keep what we don't need.

Accountability

We document what was processed, by which tools, and when it was deleted.

Before Every Engagement

Data handling is part of our standard onboarding—not an afterthought.

Sub-Processor Disclosure

A complete list of every tool that will handle your data, with their certifications and data handling commitments. Provided before work begins.

Data Handling Exhibit

A signed addendum to your NDA or engagement agreement specifying exactly how your data will be protected throughout the engagement lifecycle.

Questions?

If your legal or security team wants to discuss our data handling in detail, we welcome the conversation.

info@cliqk.com