Security & Trust

Your clients trust you with their data. We take that responsibility seriously. Here's exactly how we protect it.

🔐

AES-256-GCM Encryption

All OAuth tokens and sensitive credentials are encrypted at rest using AES-256-GCM, the same standard used by banks and governments. Encryption keys are managed via environment variables, never stored alongside data.

🛡️

Row-Level Security (RLS)

Database tables enforce Supabase Row-Level Security policies. Your data is isolated at the database level — one agency can never access another agency's data, even in the event of an application-level bug.

🔗

OAuth 2.0 Integrations

We never ask for or store your Google, Meta, TikTok, HubSpot, Klaviyo, Mailchimp, or Slack passwords. All platform connections use OAuth 2.0 with minimal scopes. Tokens are encrypted at rest with AES-256-GCM. You can revoke access from the platform at any time.

☁️

SOC 2 Infrastructure

ClientSignal runs on Vercel (front-end) and Supabase (database), both of which maintain SOC 2 Type II attestation. Your data is hosted in secure, audited data centers.

🤖

No AI Training on Your Data

Your client data, report content, and custom tone instructions are never used to train AI models. We use the Anthropic Claude API, which does not use API inputs or outputs for model training. Anthropic retains API data for up to 30 days for safety monitoring, then deletes it.

🌐

HTTPS Everywhere

All data in transit is protected with TLS encryption. API endpoints, webhooks, and email delivery all use HTTPS. No exceptions.

📊

Minimal Data Collection

We only collect data necessary to generate your reports: platform metrics, client names, and email addresses. We don't use tracking scripts, sell your data, or share it with third parties.

Review First Mode

Want to review every report before it reaches your client? Review First mode lets you approve each AI-generated report before delivery. Available on every plan as an opt-in setting per client.

🗑️

Data Portability & Deletion

You can export all your agency data at any time from Settings. You can also permanently delete your account and all associated data — client records, reports, and integrations are removed immediately.

Compliance

SOC 2 Infrastructure

Audited cloud providers

Data Export

Download your data anytime

Account Deletion

Full data removal on request

No Tracking Scripts

Zero third-party analytics

Questions about security?

We're happy to answer any questions about how we protect your data.
