Security

Enterprise-Grade Security & Compliance

Contracts are business-critical documents, so it’s important that your contract management system protects your documents while they’re being created, edited, stored, and processed. 

Security-conscious organizations like Fitbit, L’Oréal, and Staples rely on Ironclad to power their agreements. Here’s how we ensure enterprise-level security for all our customers.

Request demo

Encryption & Infrastructure

  • Encryption. Encryption of all data in transit (using TLS 1.2 or higher) and at rest (through AES-256).
  • Cloud-based deployment. Ironclad uses the US-hosted Google Cloud Platform for production servers and operates in multiple zones to create robustness against outages.

Cybersecurity & Operational Security 

  • Penetration testing. Ironclad conducts annual penetration testing and quarterly vulnerability testing to proactively identify and remediate any security vulnerabilities in the Ironclad system.
  • Operational security. Ironclad’s operational security policies include policies governing IT assets, access controls, internet access policies, antivirus policies, remote access policies, and other risk mitigation measures. These may be provided upon request.

Policies & Certifications

checkmark

Security Certifications

Ironclad has been SOC 2, Type II certified since 2017.

checkmark

Data Retention Policy

Ironclad’s physical and electronic records data retention policies ensure that records that are no longer needed by Ironclad or are of no value are deleted at regular intervals.

checkmark

GDPR Compliance

Ironclad’s GDPR compliance program include Standard Contractual Clauses in conjunction with its Data Processing Addendum.

checkmark

User Permission Management

Ironclad operates according to the principle of least privilege and conducts regular checks to ensure that Ironclad personnel are only granted the permissions they need to conduct their job functions.