Security at ClockVe.
Your payroll data, your team's location history, your schedules. Treated like the load-bearing data they are. No tracking pixels, no third-party data brokers, no surprises.
How we do it
Encryption in flight + at rest
TLS 1.2+ for every HTTP request. Postgres data encrypted at rest. Backups encrypted before they leave the database.
US-hosted, no third-party data brokers
Production data lives in a US data center (New York). We do not sell, share, or syndicate your data to anyone. Period.
Role-based access
OrgAdmin / Manager / Team Lead / Employee with explicit scopes. The only person who can export your payroll data is the person you authorize.
Sign in with the identity you trust
Email + password, Google SSO standard on every plan. SAML / Okta on Enterprise. Passwords are bcrypt-hashed; we never see them.
You own your data, always
CSV export from the dashboard. Full database export on request. Account deletion within 30 days of request. No vendor lock-in, ever.
Audit logs
Every action that touches sensitive data (payroll exports, role changes, manual time edits) is logged with who/when/what. Logs are retained 90 days on all plans.
Certifications
| Standard | Status | Detail |
|---|---|---|
| SOC 2 Type II | In progress | Type II audit underway with a Big 4 firm. Report due Q1 2027. |
| GDPR-ready | Yes | Data Processing Agreement available on request. EU data residency on Enterprise. |
| CCPA-compliant | Yes | Right to delete + right to know honored within 30 days. |
| PCI-DSS | Out of scope | Payments are processed by Stripe — your card never touches our servers. |
Disclosing a vulnerability? Email security@clockve.com. We respond within 48 hours and credit responsible disclosure in our changelog.
Questions before you trust us with payroll data?
Send them. We answer everything.