Security and Compliance Reports

ClickHouse Cloud continuously evalutates the security and compliance needs of our customers and is continuously expanding the program as additional reports are requested. For additional information or to download the reports visit our Trust Center.

SOC 2 Type II (Since 2022)

System and Organization Controls (SOC) 2 is a report focusing on security, availability, confidentiality, processing integrity and privacy criteria contained in the Trust Services Criteria (TSC) as applied to an organization's systems and is designed to provide assurance about these controls to relying parties (our customers). ClickHouse works with independent external auditors to undergo an audit at least once per year addressing security, availability, confidentiality and processing integrity of ClickHouse Cloud.

ISO 27001 (Since 2023)

International Standards Organization (ISO) 27001 is an international standard for information security. It requires companies to implement an Information Security Management System (ISMS) that includes processes for managing risks, creating and communicating policies, implementing security controls, and monitoring to ensure components remain relevant and effective. ClickHouse conducts internal audits and works with independent external auditors to undergo audits and interim inspections for the 2 years between certificate issuance.

U.S. DPF (Since 2024)

The U.S. Data Privacy Framework was developed to provide U.S. organizations with reliable mechanisms for personal data transfers from the United States to the European Union/ European Economic Area, the United Kingdom, and Switzerland that are consistent with EU, UK and Swiss law (https://dataprivacyframework.gov/Program-Overview). ClickHouse self-certified to the framework and is listed on the Data Privacy Framework List).

Privacy Compliance

In addition to the items above, ClickHouse maintains internal compliance programs addressing the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and other relevant privacy frameworks. Details on personal data that ClickHouse collects, how it is used, how it is protected and other privacy related information can be found in the following locations.

Legal Documents

• Privacy Policy
• Cookie Policy
• Data Privacy Framework Notification
• Data Processing Addendum (DPA)

Processing Locations

• Sub-Processors and Affiliates
• Data Processing Locations

Additional Procedures

• Personal Data Access
• Delete Account

Payment Compliance

ClickHouse provides a secure method to pay by credit card that is compliant with PCI SAQ A v4.0.