Is Clox Legit? Your Data, Security, and the Guarantees Behind It
A straight answer for a skeptical buyer: who runs Clox, how your data is actually handled, the tamper-evident records anyone can verify at /verify, the honest state of the product, and the trial and refund guarantees that let you try it with nothing on the line.
If you found Clox recently and you are deciding whether to trust it with your crew's hours and your payroll data, that caution is the right instinct. This is an honest answer, not a sales pitch. Below is who runs Clox, how your data is actually handled, the trust signals you can verify yourself, the honest state of the product today, and the guarantees that let you try it without risk. Where a claim is technical, it comes from what is really in the product, not from marketing.
Who is behind Clox
Clox is operated by Clox Labs LLC, a limited liability company formed in Wyoming. That is not just a brand name. It is the registered legal entity named in the Terms of Service and the Privacy Policy. Legal notices go to a registered agent of record, Northwest Registered Agent Service Inc, at a Sheridan, Wyoming address. A registered agent and a stated entity mean there is a real party you can serve notice on and hold to the contract, which is a basic thing a fly-by-night operation does not bother to publish.
We will not pad this section with a founder story or a customer count. The verifiable facts are the entity, the jurisdiction, the agent of record, and the legal pages that bind us. Those are on the site right now for you to read before you sign up.
How your data is handled
Here is the plain version of what happens to your data, drawn from the actual Privacy Policy. Clox is operated in the United States and your information is processed and stored there.
- Encryption: information is protected with encryption in transit and at rest.
- Passwords and PINs: account passwords and kiosk PINs are stored only as a secure hash, never as readable text.
- Access controls and audit logging: administrative actions are access-controlled and audit-logged.
- Offline punches: when a phone has no signal, punches are held in an encrypted on-device cache and upload once the connection returns.
- Selfies: a clock-in photo is a plain image stored with the time entry. Clox does not run facial recognition and does not extract or store facial-geometry data.
- Deletion: there are self-service tools to export your data and to delete your account or organization, after which the associated personal information is deleted, with residual copies in encrypted backups only for a limited period.
The trust signal you can verify without trusting us
Most software asks you to take its data integrity on faith. Clox does the opposite for the records that matter most. Every clock-in and clock-out is linked into a tamper-evident ledger and cryptographically signed, so a record cannot be quietly edited, deleted, or reordered after the fact without the tampering showing.
The part that should matter to a skeptic is that you do not have to trust Clox to confirm it. Paste a proof bundle into the public verifier at getclox.com/verify and it checks, on your own screen, that the records were signed by Clox and have not been altered or reordered. Nothing you paste is stored. For an auditor or a client who wants to go further, each record is an Ed25519 signature over an exact JSON string, and Clox publishes its public key at /api/proof/public-key, so an expert can verify any record against that key with standard tools and no Clox account at all.
Account security features that actually exist
These are live in the app today, in Settings under Account and security, not on a roadmap:
For the step-by-step version, the account security doc walks through each one.
The honest state of the product
Clox is a newer product, and pretending otherwise would undercut everything above. Here is exactly where it stands so there are no surprises after you sign up.
- Managers work in the web app. Scheduling, approvals, reports, and payroll exports all happen in the browser at app.getclox.com. That is the mature, full-featured surface.
- The iOS app is a TestFlight beta, distributed as a free pre-release build ahead of a public App Store listing. It is not yet a listing you search for in the App Store.
- Crews can skip the app entirely. There is a phone-browser option at app.getclox.com, so a worker can clock in from any modern phone browser without installing anything.
The guarantees that de-risk trying it
The best way to answer "can I trust this" is to try it on your own crew with nothing on the line. Clox is built so you can:
Every account starts on a 14-day free trial with no credit card, and you are not charged unless you choose a plan when the trial ends. If you do subscribe and it is not a fit, your first paid subscription is covered by a 30-day money-back guarantee: email support within 30 days of your first charge for a full refund. Pricing itself is public and flat, not a quote you have to request. See the numbers on the pricing page.
So, can you trust Clox
Here is the honest bottom line. Clox is a real Wyoming company with published legal pages, it encrypts your data and hashes your passwords and PINs, and it gives you genuine account controls like two-factor sign-in and sign-out-everywhere. Its strongest trust signal is one you can test yourself: the tamper-evident proof-of-presence records that anyone can verify at /verify without trusting our word. What it does not have is a security certification or a wall of reviews, and it is newer, with the iOS app still in TestFlight beta. Weigh those honestly. Then do the thing that actually settles it, which is to run your own crew's week through the free trial.
When you are ready to judge it on your own data, start a free trial. It runs 14 days, needs no credit card, and your first paid charge is backed by a 30-day money-back guarantee, so trying Clox costs you nothing but a week of real use.