Have more questions? Submit a request

Clio and compliance protection mechanisms

Every year, Clio conducts a self-assessment to ensure that our processes, configurations, and control mechanisms comply with relevant legislation. As a Clio subscriber, your plans and offerings come with various protection mechanisms in place that ensure the security and integrity of your data, including the following:

  • Data encryption in transit and at rest: Your data is secured both when it is being transmitted between devices or networks (in transit) and when it is stored on storage systems or servers (at rest). Encryption scrambles the data into an unreadable format, making it inaccessible to unauthorized users. This ensures that sensitive information remains protected from interception and unauthorized access, whether it is being transferred over networks or stored on servers or devices.
  • Restricted access to production environment: This security measure ensures that only authorized personnel can access production data, reducing the risk of unauthorized access to the infrastructure. 
  • Data backups performed multiple times per day: Data backups are conducted several times throughout the day, ensuring frequent and comprehensive protection of your information.
    Note: Despite the security protection mechanisms in place, we recommend that you retain a local backup of your data.
  • Strict logical system access controls: Clio has stringent measures and protocols implemented to regulate and manage access to computer systems and networks. These controls are designed to ensure that only authorized individuals can access data or resources within the system.
  • Mirrored data center facilities with daily backups to mitigate disaster situations: Mirrored data center facilities with daily backups offer extra protection against disasters. Data is copied to multiple centers and backed up daily, so even if one center fails, your information stays safe and operations can continue smoothly.
  • 99.9% uptime Service Level Agreement. Take a look at Clio’s current status and uptime percentages here.


Clio’s products have configurable administrative controls available to our customers, including:

  • Explicit authorization to read, download, and edit customer files.
  • Monitor and track access to customer files.
  • Reporting trail of account activities on both users and content.
  • Formally defined and tested breach notification policy.
  • Employee training on security policies and controls.
  • Highly restricted employee access to customer data files.


Clio and reporting security bugs or vulnerabilities

If you are aware of a valid security bug and/or security vulnerability on any Clio application (the mobile app, web app, and any add-ons), you can inform Clio's security team by completing Clio's responsible disclosure submission form here. Valid security vulnerabilities in any Clio application may be eligible for a reward. This includes novel discoveries, gaining additional illicit access, and OWASP Top Ten findings. Clio's security team will follow up with next steps within two business days of receiving the report. 

Note: Reports that are not disclosed responsibly are not eligible for any reward.


Need more help?

Was this article helpful?
0 out of 0 found this helpful