// Trust & Security Report
Klue Labs Inc.
AI-powered competitive intelligence and win-loss platform with integrated research assistant (Compete Agent), win-loss interview suite, and third-party CRM integrations
Certifications held
4
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on klue.com“Klue maintains SOC 2, Type II compliance in accordance with the five Trust Services Criteria defined by the American Institute of Certified Public Accountants. In fact, we're the only Competitive Enablement platform that has achieved SOC2 compliance.”
Verify on klue.com“Klue is headquartered in Canada and is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). The European Commission declares that PIPEDA provides adequate privacy safeguards with respect to the EU's General Data Protection Regulation (GDPR). Klue complies with the GDPR and utilizes the June 2021 Standard Contractual Clauses when applicable.”
Verify on klue.com“Klue is headquartered in Canada and is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).”
Verify on klue.com“Although Klue's volume of sales in the State of California are not yet high enough to trigger application of the California Consumer Privacy Act (CCPA), Klue still actively complies with the CCPA. Klue does not sell any personal data.”
> Show 5 unconfirmed / not-held certifications
source: klue.comNo public evidence of ISO 27001 certification on Klue's official security page or documentation. While third-party sources claim this certification, Klue's official security page at https://klue.com/product/security does not list ISO 27001 as a held certification.
source: klue.comNo public evidence of HIPAA compliance on Klue's official security page or documentation. HIPAA is not claimed in https://klue.com/product/security or https://klue.com/privacy.
source: klue.comNo public evidence of PCI DSS certification on Klue's official documentation.
source: klue.comNo public evidence of FedRAMP authorization on Klue's official documentation.
source: klue.comNo public evidence of CSA STAR certification on Klue's official documentation.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Canada, United States, and elsewhere
Klue's terms explicitly state: 'Customer Data will not be (a) used to train, validate or enhance any AI Features except solely for the benefit of the Customer and as permitted in this Agreement; (b) used to train any publicly available AI systems or public large language models; or (c) shared with publicly available, unrestricted consumer tools or platforms.' Customer data is used only for AI features that benefit that specific customer. Klue may create 'Pattern Data' from anonymized customer usage which becomes Klue's property.
// Security controls
Infrastructure hosting
Primary: Amazon Web Services (AWS) secure data centers; Secondary web services: Google Cloud Storage
klue.comPenetration testing
Third-party penetration tests conducted annually with ASVS 4.0 compliance
klue.comRecent security incident
June 12, 2026: Compromised legacy credential in integration service allowed unauthorized access to OAuth tokens; attacker accessed Salesforce and third-party integration data across a number of connected customer environments (Klue's disclosure does not state a specific count of affected customers). Klue platform itself not compromised. Remediation: revoked affected credentials/tokens, removed unauthorized code, disabled potentially impacted integrations, engaged CrowdStrike, notified law enforcement. A Telegram account purporting to be ShinyHunters claimed responsibility June 21, 2026 (attribution unverified).
klue.com// Products & data scope
data: Competitive market intelligence, competitor profiles, buyer signals, AI-powered research
AI research analyst ('Compete Agent') that continuously collects competitive intel and delivers to sales team; supports 60+ competitor tracking
data: Customer deal data, win-loss interview feedback, competitive positioning analysis
Includes AI interviewer, analyst team, and verified buyer signal extraction; integrated into sales workflows
// What to watch
- SECURITY INCIDENT: June 2026 OAuth credential compromise affecting integrations is recent (within last month). While Klue platform itself was not breached, this reveals weaknesses in legacy credential management and integration security controls.
- OVER-CLAIM RISK: Third-party sources (e.g., Nudge Security) claim Klue holds ISO 27001, HIPAA, PCI DSS, FedRAMP, and CSA STAR certifications, but these are NOT mentioned on Klue's official security page. Only SOC 2, GDPR, PIPEDA, and CCPA are claimed by Klue.
- CREDENTIAL HYGIENE: The June 2026 incident involved a 'legacy credential' - indicates older, potentially weaker access controls may still exist in production systems.
- AI TRAINING CLARIFICATION NEEDED: While Klue's terms state customer data is not used for public LLMs, the specific scope of internal AI model training and what constitutes 'Pattern Data' could be clearer.
- DATA RESIDENCY VAGUENESS: Terms state data is maintained 'in Canada, the United States, and elsewhere' - the 'elsewhere' clause could be more specific.
// At a glance
Pricing model
Subscription SaaS (per-seat or usage-based)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Klue Labs Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
klue.com