Current as of 1 October 2023

Security Statement

Clnto is committed to ensuring the security of user data and has implemented measures to prevent and mitigate potential compromises by third parties. This Security Statement outlines the security measures incorporated into the development and deployment of Clnto's software.

Security Measures

  • API Authentication: Authentication is performed using OAuth 2.0 for both client and user access.

  • Code-Level Security: Protection against Cross-Site Request Forgery (CSRF), form tampering, SQL injection, and Cross-Site Scripting (XSS) is implemented at the code level.

  • Firewall: Cloudflare is utilized as a firewall to safeguard against unauthorized access.

  • Network Encryption: SSL encryption is applied to secure data transmission over the network.

  • Multi-Factor Authentication (MFA): Data access is subject to multi-factor authentication to enhance security.

  • Data Encryption: Data is encrypted both in transit and at rest, ensuring comprehensive protection.

Compliance

  • Clnto's hosting environment maintains various certifications for data centers, including ISO 27001 compliance, PCI Certification, and SOC reports, ensuring compliance with industry standards.

  • Detailed information about certifications and compliance can be found here.

Availability & Recovery

  • The infrastructure is designed to be fault-tolerant, capable of handling failures at the server or data center level.

  • Customer data is stored redundantly across multiple locations in hosting provider data centers to ensure high availability.

  • Rigorous backup and restoration procedures are in place, with nightly automatic backups of Customer Data and source code. Real-time alerts and automatic deployment of backups contribute to swift recovery in case of any discrepancies.

Confidentiality

  • Strict controls are enforced over access to data, with technical controls and audit policies in place. Access to resources is logged and routinely reviewed every 90 days during security audits.

  • All employees and contract personnel adhere to policies governing customer data, and these issues are treated with the utmost importance within the company.

Encrypted Transactions

  • Web connections to Clnto are secured using TLS 1.2 and above, supporting forward secrecy and AES-GCM. Insecure connections using SSL 3.0 and below or RC4 are strictly prohibited.

Storage

  • All files, both at rest and in transit, are encrypted using the robust 256-bit Advanced Encryption Standard (AES).

This Security Statement reflects Clnto's dedication to maintaining a secure environment for user data, employing industry-standard practices to safeguard against potential threats and ensure the confidentiality, integrity, and availability of information.
