Secure by Design
Protecting your data is our job. Our platform runs 100% on the world's leading cloud provider and we are proud to partner with Microsoft Azure to ensure your data is always available and always secure.
Some of the ways we make it secure
ISO 27001 & SOC 2
We are proud to be ISO 27001 and SOC 2 Type 2 certified. Along with our vendors and partners such as Microsoft Azure, we strive to adhere to the strictest policies and demonstrate continuous and constant improvements in all our processes and people.
Every country and region enforces strong regulations around privacy and we do our best to support our customers in ensuring that those regulations are met.
Monitoring & Logs
With 3 levels of activity and session logs, as well as internal and external monitoring, we are always the first to know when and what happened.
Our engineering and development team follows a secure software development practice in each phase of the development lifecycle: training, design, implementation, verification, release and response.
Training our teams is the best way to ensure that we continue to provide the best service and secure our resources and your data.
Transparent Data Encryption (TDE) does real-time I/O encryption and decryption of data and log files in our databases.
All communication to and from servers, databases, and clients is encrypted with TLS 1.2 or higher using private and public certificates.
On demand and at least once a year, we perform penetration testing where a team of ethical hackers and our own engineers attempt to gain access to secured resources.
We perform automated vulnerability testing each and every month using a third-party service. We support a transparent policy of communicating results to our customers and partners.
Your data is stored in multiple databases simultaneously and it is backed up daily with history up to 35 days and long-term retention of 3 months.
Your data is safely stored in data centers in the region nearest to you, maintained and monitored by Microsoft, the leading global hosting and infrastructure provider.
Data Center Locations
Your data is placed in the region of your choice among the following: USA, Ireland, UK, Netherlands, France, Canada, and Australia, with mirror data centers in the same region.
Certificates & Compliance
ClicData is ISO 27001 and SOC 2 certified, and with our partner Microsoft Azure we ensure the highest adherence to compliance and regulatory standards for HIPAA, GDPR and WCAG.
ClicData is audited by SecurityMetrics and consistently passes all relevant certifications (PCI DSS) regarding the use of Payment Cards in ClicData.
We do not store your payment information in ClicData and rely on Braintree, a PayPal company, for the processing and storage of all payment information.
Frequently Asked Questions
Yes, we are.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of the U.S. Department of Health and Human Services (HHS) to develop regulations protecting the privacy and security of certain health information.
By law, the HIPAA Privacy Rule applies only to covered entities – health plans, health care clearinghouses, and certain health care providers. However, most health care providers and health plans do not carry out all of their health care activities and functions by themselves and they may want to use ClicData to store and process covered data (ePHI).
ClicData can be considered to be a Business Associate of your company if you choose to store and process such data in our application. If you do, please contact us at firstname.lastname@example.org to initiate and sign a Business Associate Agreement.
Yes, we are.
The General Data Protection Regulation is a Regulation in EU law on data protection and privacy in the EU and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law.
Brazil's Lei Geral de Proteção de Dados (LGPD), the California Consumer Privacy Act, the Canadian Consumer Privacy Protection Act, Australia's Privacy Act and many others follow a similar regulatory approach, for which GDPR can be a strong basis and in some cases supersedes the requirements of other acts and regulations.
If you are storing Personal Identifiable Data (PID) in ClicData, we act as a Data Processor and we can define a Data Processing Agreement (DPA) between our companies. Please contact email@example.com for more information.
Yes, we are. Both ClicData and our partners are ISO 27001 and SOC 2 certified.
We take pride in our continuous improvement Trust Center program that ensures that our employees, partners and vendors support us and our customers in ensuring a safe and secure platform.
Please contact firstname.lastname@example.org for more information or to obtain access to our certificates and reports.
Please use the email address email@example.com to reach our Data Protection Officer (DPO) for all enquiries related to your personal data or other requests related to data privacy.
The Web Content Accessibility Guidelines (WCAG) provide a framework for making web content more accessible for people with disabilities. Compliance is measured in a variety of ways and differently from module to module. Additionally, compliance affects content that users create using our design, over which we have no control.
We perform automated and manual testing of our platform to identify areas that require improvements and we continuously add development requests to increase the accessibility of our platform.
Please contact our compliance team at firstname.lastname@example.org to obtain the latest WCAG audit report.