clovr
Trust center

Trust at Clovr.

Clovr handles sales conversations — the most candid version of how your team talks to customers. Treating that data with care isn’t a feature, it’s the job. This page documents how we collect, protect, and give you control over what we hear.

Three principles

How we think about your data.

Minimize what we collect

We only ingest calls a rep explicitly starts recording. Default retention is 90 days for audio, 24 months for transcripts — both tightenable workspace-wide.

Protect what we have

TLS 1.3 in transit, AES-256 at rest, mandatory MFA for every internal account. Production access is limited to a small, named group with audit logging on every read.

Give you control

Export your data any time. Delete a single recording or your whole account. See who in your team accessed what and when. You own the tape, not us.

Compliance

Certifications and data flow.

Clovr is built on infrastructure that collectively holds the certifications below. Our own SOC 2 Type II audit is in progress.

  • SOC 2 Type II: Across every production system
  • ISO 27001: Hosting, edge, and source control
  • ISO 27017: Cloud-specific security
  • ISO 27018: Cloud-specific privacy of PII
  • HIPAA: Speech-to-text inference
  • HIPAA-eligible: Database and object storage
  • GDPR: All processing of EU personal data
  • PIPEDA: All processing of Canadian personal data
  • CCPA: All processing of California personal data

Where your data lives, by service.

The functional role, hosting region, and compliance posture of each system involved in delivering Clovr — without identifying the specific providers.

  • Application hosting and edge delivery. Region: USA (multi-region). Compliance: SOC 2 Type II, ISO 27001.
  • Primary database, object storage, backups. Region: Canada (Toronto). Compliance: SOC 2 Type II, HIPAA-eligible.
  • Speech-to-text inference. Region: USA. Compliance: SOC 2 Type II, HIPAA.
  • Large language model inference. Region: USA. Compliance: SOC 2 Type II.
  • Identity and end-user authentication. Region: USA. Compliance: SOC 2 Type II.
  • DNS, CDN, DDoS protection. Region: Global edge. Compliance: SOC 2 Type II, ISO 27001.
  • Transactional email delivery. Region: USA. Compliance: SOC 2 Type II.
  • Source control and dependency scanning. Region: USA. Compliance: SOC 2 Type II, ISO 27001.

Live posture

Security controls, in production.

Every panel below is operational today. Each is monitored continuously; status reflects the current state of the system.

Infrastructure

Live
  • Application runs on a SOC 2 Type II cloud edge platform; traffic is served from the region closest to each user.
  • Production database is a SOC 2 Type II managed Postgres environment in a Canadian region (Toronto).
  • Daily encrypted database backups with 7-day point-in-time recovery.
  • DNS, edge caching, and DDoS protection through a SOC 2 Type II / ISO 27001 edge provider.
  • No customer data on developer laptops; all production access happens through hosted, audit-logged dashboards.

Encryption

Live
  • TLS 1.3 enforced for all transport. HTTP requests redirect to HTTPS, with HSTS enabled.
  • AES-256 for data at rest across the database, object storage, and backups.
  • Recorded audio files are private by default and accessed only through short-lived signed URLs.
  • Secrets and API keys held in encrypted environment vaults; never in source control or developer machines.

Authentication & access

Live
  • Customer authentication managed by a SOC 2 Type II identity provider, with optional MFA for end users.
  • Mandatory MFA for every Clovr team member on every internal production system.
  • Principle of least privilege: production database access is limited to founders plus a named on-call engineer.
  • Row-level security policies scope every database query to the authenticated organization.
  • Role-based access in the dashboard so reps, managers, and admins each see only what they should.

Application security

Live
  • Automated dependency scanning across the production codebase; patches applied on a weekly cadence.
  • Code review required on every change to the production codebase.
  • Content Security Policy and modern security headers on every customer-facing surface.
  • Authenticated API routes verify the session on every request; no anonymous writes.
  • Static analysis runs on every pull request, with security regressions blocking merge.

Data minimization

Live
  • We only ingest calls a user explicitly starts recording from the Clovr app — never silent background capture.
  • Default retention is 90 days for raw audio and 24 months for transcripts. Both are configurable down to 7 days for audio.
  • Customer recordings are never used to train AI models — neither ours nor any third party's. Contractually enforced with every inference provider.
  • PII redaction available on transcripts before they're shared outside the team.

Privacy & consent

Live
  • Recording consent prompt is configurable per jurisdiction (one-party vs. two-party consent).
  • Audible disclosure available for two-party consent jurisdictions.
  • Data subject access requests (PIPEDA, GDPR, CCPA) honored within 30 days; contact [email protected].
  • Data residency: customer data stored in Canadian regions by default. EU residency available on enterprise plans.

Personnel & operations

Live
  • All Clovr employees and contractors sign confidentiality and acceptable-use agreements before access is granted.
  • Background checks for any role with production access.
  • Annual security awareness training, including phishing drills.
  • Quarterly access reviews; departing personnel are deprovisioned the same day.

Incident response

Live
  • Documented incident response plan with defined severity tiers and communication paths.
  • On-call rotation for the engineering team; uptime monitoring across hosting and database.
  • Material incidents communicated to affected customers within 72 hours of confirmation, in line with PIPEDA breach reporting expectations.
  • Public post-mortem published for any incident that impacts customer data or causes meaningful downtime.

Frequently asked

The questions we get most.

Does Clovr record my sales calls?

Only the ones you explicitly start recording from the Clovr app. Calls are never captured silently in the background and we don't ingest meetings outside of those a user has actively opened in the dashboard.

How long do you keep the recordings?

By default, raw audio is retained for 90 days and transcripts for 24 months. Both windows are configurable down to as little as 7 days for audio and 90 days for transcripts on any paid plan.

Who at Clovr can see my data?

Production database access is limited to two founders and a named on-call engineer, and we keep an audit log of every admin query. Routine support is handled without engineers needing to read transcript content unless you explicitly grant access on a specific ticket.

Do you use my recordings to train AI models?

No. Customer recordings, transcripts, and coaching artifacts are never used to train Clovr models or any third-party model. This is contractually enforced with every inference provider we use, and is the default on the plans we operate under.

Where is my data stored geographically?

Customer data is stored in a Canadian region (Toronto) by default. EU residency is available on enterprise plans by request. AI inference happens in the US; only the audio for the specific call being processed transits there, never the broader dataset.

How is consent handled for call recording?

Recording consent is configurable per workspace and per jurisdiction. We support a one-party-consent mode (silent disclosure) and a two-party-consent mode (audible disclosure plus written notice). The product warns reps when they're calling into jurisdictions that legally require two-party consent.

Is Clovr SOC 2 certified?

Not yet. Every production system we depend on holds a current SOC 2 Type II report, which we can share under NDA. Clovr's own Type II audit is on the roadmap for late 2026.

Are you GDPR, PIPEDA, and CCPA compliant?

Yes. We honor access, correction, deletion, and portability requests from any data subject in any jurisdiction. Send the request to [email protected] and we'll fulfill it within 30 days, sooner where statutorily required.

Can I get a copy of all my data?

Yes — workspace admins can request a full export at any time. The export ships as a downloadable archive containing audio (original format), transcripts (JSON), and coaching artifacts (JSON), with a manifest mapping each record to the original call.

What happens to my data if I cancel?

On cancellation we retain your data for 30 days in case you reactivate, then hard-delete everything: database rows, audio files, search indices, and backups (purged on the next backup rotation, no later than day 37). You can request earlier deletion at any point.

Do you support SSO?

Yes — Google Workspace and Microsoft Entra ID are supported on every plan. SAML for other identity providers is available on enterprise plans.

Do you perform penetration testing?

Annual third-party penetration testing is scheduled to begin in Q3 2026 alongside our SOC 2 Type I audit. Day-to-day we rely on continuous static analysis, dependency scanning, and routine internal red-teaming.

How are admin actions logged?

Every dashboard write produces an immutable audit event. Workspace admins can review who viewed, exported, or deleted a recording from the audit log in settings, with a 12-month retention window.

What's the easiest way to get a DPA or security questionnaire signed?

Use the Request access form on this page. We typically return signed documents within two business days.

Updates

Recent changes.

Material changes to controls, compliance, or data handling get logged here. Anything else, write to [email protected].

  1. April 2026

    Mandatory MFA for Clovr team accounts

    Every internal account on every production system now requires a hardware-backed second factor.

  2. March 2026

    Configurable retention windows

    Workspace admins can now set per-workspace retention for raw audio (down to 7 days) and transcripts (down to 90 days).

  3. February 2026

    Row-level security audit

    Completed a full review of database access policies; added missing scoping to two read paths and added regression tests for every table.

  4. January 2026

    Trust Center published

    First public version of this page. Tracking real controls, real compliance, real gaps.

Still have questions?

We answer them ourselves.

Security inquiries go to a founder, not a ticketing queue. Reasonable response time is one business day; vulnerability reports get the fastest response we can manage.