Security & Privacy Measures (Technical and Organisational Measures)
What this document is:
A description of the technical and organisational measures implemented in Clawscan to support the security and confidentiality of processed data.
Why this matters:
Organizations assessing Clawscan must understand the safeguards implemented to protect sensitive communications and ensure responsible operation of the platform.
Who should read this:
Security teams, data protection officers (DPOs), procurement reviewers, and legal teams.
When to use this:
Vendor security assessments, DPIAs, GDPR Article 32 evaluations.
Overview
Clawscan implements a range of technical and organisational measures (TOMs) designed to support secure and responsible operation of the platform.
These safeguards are intended to address:
- confidentiality of communications
- integrity of the analysis process
- availability of the service
- transparency of operational practices
The measures described below focus on safeguards implemented by GOlegal in relation to the Clawscan platform.
Client organizations remain responsible for the security and governance of infrastructure deployed within their own tenant environments.
Governance and operational controls
Clawscan is developed and operated under governance practices designed to support secure system operation.
Examples include:
- internal development governance
- operational monitoring of the service control plane
- controlled management of product updates
- internal access management procedures
Operational governance aims to ensure that system changes are managed responsibly and that service reliability is maintained.
Access control
Access to Clawscan operational systems is restricted to authorized personnel.
Safeguards include:
- controlled access to operational environments
- authentication mechanisms protecting administrative interfaces
- internal procedures governing access allocation and revocation
Access to client environments remains under the exclusive control of the client organization.
GOlegal does not administer client tenant infrastructure.
Data protection safeguards
Clawscan incorporates several architectural safeguards designed to minimize exposure of sensitive communication data.
These safeguards include:
- tenant-resident processing of communication content
- limited external transmission of derived analysis results
- separation between analysis and operational telemetry
Raw communication content remains within the client tenant environment during analysis.
System integrity
Clawscan includes safeguards designed to protect the integrity of the analysis process and platform operation.
Examples include:
- controlled deployment of software components
- operational monitoring of system activity
- diagnostic logging supporting system troubleshooting
These measures help ensure that the system operates as intended and that operational issues can be investigated if necessary.
Availability and service reliability
Clawscan is designed to support reliable service operation.
Operational safeguards include:
- monitoring of platform health
- diagnostic telemetry used for service reliability
- mechanisms allowing detection of technical errors
These practices support early detection of operational issues and contribute to service stability.
Data retention safeguards
Derived scan results are retained according to a period-based retention policy.
Results generated during a given operational period are deleted a fixed number of months after the end of that period.
Aggregated statistics may be retained longer because they do not contain communication content.
Shared responsibility considerations
Clawscan operates under a shared responsibility model.
Security responsibilities are divided between:
GOlegal
Responsible for:
- the Clawscan platform
- telemetry processing
- service monitoring
- software maintenance
Client organizations
Responsible for:
- their Microsoft 365 tenant
- Azure infrastructure used for deployment
- configuration of scanning policies
- internal governance procedures
Continuous improvement
Security and privacy safeguards are periodically reviewed and may evolve as the Clawscan platform develops.
Updates to relevant safeguards will be reflected in this documentation.