Security Overview
What this document is:
An overview of the security principles and safeguards implemented in Clawscan.
Why this matters:
Organizations evaluating Clawscan need to understand how the platform protects sensitive communications and how security responsibilities are shared between GOlegal and client organizations.
Who should read this:
Security teams, IT architects, data protection officers (DPOs), and procurement reviewers.
When to use this:
Vendor security assessments, procurement processes, internal IT validation.
Security philosophy
Clawscan is designed around a privacy-by-design and security-by-design architecture.
The system follows several core principles:
- Tenant-resident processing: Communication content is processed within the client’s Microsoft 365 environment.
- Minimal external data exposure: Only derived analysis results and operational telemetry are transmitted outside the client tenant.
- Clear responsibility boundaries: Clients maintain control over their infrastructure and governance policies.
- Operational transparency: The Clawscan Trust Center provides documentation to support vendor security assessments.
Security architecture principles
Clawscan incorporates several architectural safeguards designed to protect communication data.
These include:
- tenant-resident processing
- limited external data transmission
- separation between analysis and service monitoring
- clear infrastructure boundaries
Sensitive communication content remains within the client tenant environment during analysis.
Further architectural details are described in:
Security and privacy measures
Clawscan implements a set of technical and organisational measures (TOMs) designed to support secure operation of the platform.
These measures address topics such as:
- access control
- operational monitoring
- system integrity
- risk management practices
A detailed description of these safeguards is provided in:
Operational monitoring
To maintain service reliability and security, Clawscan collects operational telemetry and diagnostic information.
Operational monitoring supports:
- service reliability
- technical troubleshooting
- system diagnostics
- licensing and usage management
Telemetry does not include raw communication content.
Admin Control Center
The Clawscan Admin Control Center provides a web interface allowing authorized users to access aggregated results and manage platform configuration.
This interface operates within the Clawscan system layer and does not process or store raw communication content.
Shared responsibility model
Clawscan operates under a shared responsibility model.
Certain responsibilities remain under the control of the client organization.
Responsibilities of GOlegal
GOlegal is responsible for:
- maintaining the Clawscan platform
- operating the service control plane
- processing telemetry and service diagnostics
- delivering product updates
Responsibilities of client organizations
Client organizations remain responsible for:
- their Microsoft 365 tenant and Azure environment
- the deployment of the Clawscan engine
- internal compliance governance
- defining communication monitoring policies
Data protection safeguards
Clawscan incorporates safeguards designed to support data protection compliance, including:
- minimal data transmission
- tenant-resident analysis
- configurable scanning scope
- privacy-by-design deployment model
Organizations remain responsible for ensuring that monitoring practices comply with their internal governance policies and applicable regulations.
Data retention
Derived scan results are retained according to a period-based retention policy.
Results generated during a given operational period are deleted a fixed number of months after the end of that period.
Aggregated statistics may be retained longer as they do not contain communication content.