Last Updated June 1, 2018
The security of your information is very important to us. Clozer uses commercially reasonable and industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your information. For example, we guard against common web attack vectors, host data in secure audited data centers, and implement firewalls and access restrictions on our servers to help better protect your information.
User access to our system is controlled either by third-party, enterprise-class OAuth2 login services, such as Salesforce or Google, or by the uPort open identity system. uPort allows users to register their own identity on Ethereum, send and request credentials, sign transactions, and securely manage their keys and personal data.
When you interact with our system, either from a web browser or our mobile apps, any information you enter that is sent back to our servers, including any sensitive information such as a credit card number, is encrypted before transmission using industry-standard Transport Layer Security (TLS) version 1.0 or higher. We also encrypt server-to-server data transfers using TLS and use JSON Web Tokens to provide secure server-to-server authorization.
Your information is stored in a secure, multi-tenant, enterprise-class database designed to ensure users may only access their data. Information on disk resides in encrypted storage volumes using industry-standard AES-256. All connections to the database are IP whitelisted and encrypted with TLS. Databases are provisioned in their own Virtual Private Cloud (VPC), providing more network isolation, and database authorization is via SCRAM. Access control for database administration is limited to a small number of “need-to-know” users, with all accounts requiring two-factor authentication (2FA).
Up to seven replicas of your data are maintained, helping assure the ability to concurrently run operational and analytical workloads across the database without resource contention. A minimum of three data nodes per replica are deployed across different availability zones, providing for continuous application uptime in the event of outages and routine maintenance.
We continuously and regularly back up your information to help prevent data loss and aid in data recovery. We utilize a fully managed backup service with continuous, consistent backups and point-in-time recovery, backed by our retention policies.
Your information resides in secure audited data centers that regularly provide Service Organization Control (SOC) reports. SOC reports are independent third-party examination reports that demonstrate and help build trust and confidence in the service performed, and that help you and your auditors understand the controls established to support operations and compliance.
For questions about our security information or any Clozer terms or policies, email us at firstname.lastname@example.org.