Operational Monitoring
What this document is:
An overview of how Clawscan monitors the health and operation of the platform through telemetry and diagnostic information.
Why this matters:
Operational monitoring helps ensure that the service operates reliably while maintaining strict boundaries around sensitive communication data.
Who should read this:
IT teams, security reviewers, system administrators, and procurement reviewers.
When to use this:
Operational assessments, vendor security reviews, architecture validation.
Purpose of operational monitoring
Clawscan uses operational monitoring to ensure the platform operates reliably and securely.
Monitoring supports:
- detection of technical errors
- system diagnostics
- operational reliability
- service usage monitoring
Operational monitoring helps GOlegal identify technical issues affecting the service while maintaining strict data exposure limitations.
See:
Telemetry model
Clawscan uses operational telemetry to observe system behaviour.
Telemetry is transmitted from the client tenant to the GOlegal control plane after local analysis is completed.
Telemetry may include information such as:
- scan timestamps
- domain identifiers associated with the analysis
- risk classification outputs generated by the analysis process
- operational identifiers used for troubleshooting
- service diagnostic metadata
Telemetry does not include raw communication content. Certain operational indicators may be made available to authorized users through the Clawscan Admin Control Center to support platform management and configuration.
Communication content remains inside the client tenant environment during analysis.
See:
Purpose of telemetry data
Telemetry collected by Clawscan is used for a limited set of operational purposes:
- monitoring platform health
- diagnosing technical issues
- supporting service reliability
- generating usage statistics required for licensing management
Telemetry is not used to reconstruct or access the original communication content.
Diagnostic logging
Clawscan components may generate diagnostic logs during operation.
These logs help detect and troubleshoot technical issues.
Two categories of logs may exist:
Client-side diagnostics
Logs generated within the client tenant environment may include:
- operational events
- error diagnostics
- system activity information
These logs remain within the client environment.
Service monitoring logs
When a technical error affecting the service is detected, limited diagnostic information may be transmitted to the GOlegal control plane.
This information supports investigation of operational issues affecting the platform.
Diagnostic logs do not contain raw communication content.
Data minimisation
Operational monitoring follows a data minimisation principle.
Only the information necessary to support reliable service operation is transmitted to GOlegal systems.
Clawscan is designed to avoid transmitting:
- raw communication content
- email attachments
- full message bodies
See:
Local debugging artefacts
During analysis, the Clawscan Engine may generate temporary diagnostic artefacts to support troubleshooting and system reliability.
These artefacts are primarily generated and used within the client tenant environment.
In limited cases, technical diagnostic metadata may be transmitted to GOlegal systems to support:
- incident investigation
- system maintenance
- service continuity
Such diagnostics are designed to:
- be primarily technical in nature
- avoid inclusion of full communication content
- minimize exposure of personal data
Their purpose is to assist in identifying and resolving operational issues while maintaining appropriate data protection safeguards.
Transparency and accountability
The Clawscan Trust Center provides documentation describing the platform’s operational monitoring practices.
This transparency supports vendor security reviews and internal compliance assessments.
Organizations evaluating Clawscan are encouraged to review the related documentation below.