Trust & Security

Security & data protection

Clozo is built for EU freelancers handling sensitive client data and financial records. Here is how we protect it.

Data encryption

All data is encrypted in transit using TLS 1.3. Data at rest is encrypted by the hosting provider using AES-256.

EU data residency

All customer data (proposals, invoices, client data) is stored in the EEA (European Economic Area). No data is transferred outside the EEA without appropriate safeguards.

GDPR compliance

Clozo operates as an EU-based data controller (Spain) under GDPR, ePrivacy Directive, and Spanish LOPDGDD. A Data Processing Agreement (DPA) is available on request.

Sub-processors

We publish a full list of sub-processors (Stripe, Cloudflare, Sentry, PostHog, etc.) with their roles and data residency. See the sub-processors page for the current list.

Compliance roadmap

SOC 2 Type II — on roadmap for 2027
ISO 27001 — under evaluation
Penetration testing — annual third-party review planned

Sub-processors list Privacy policy Data Processing Agreement Report a security issue