General Security Q&A

• 1. Do you hold any ISO or SOC2 accreditation?
• 2. Where do you hold information? e.g. server locations
• 3. How do you protect data held on the servers? e.g. Is it encrypted, how many employees have access, is access managed by permission levels?
• 4. Does CleanTalk allow traffic over HTTP?
• 5. Do network interactions use TLS and AES?
• 6. How do you manage vulnerabilities?
• 7. How do you manage incidents and disaster recovery?
• 8. Any other security information you think might be useful for our committee to approve this product?

1. Do you hold any ISO or SOC2 accreditation?

No, we didn't qualify as ISO or SOC2 compatible organization.

2. Where do you hold information? e.g. server locations

All data is stored on servers in Falkenstein, Germany. Vint Hill, United States.

3. How do you protect data held on the servers? e.g. Is it encrypted, how many employees have access, is access managed by permission levels?

No, data at the servers is not encrypted. Employees have limited access to data, regarding their work duties.

4. Does CleanTalk allow traffic over HTTP?

Yes, CleanTalk allows HTTP connections from sites to the cloud. But HTTPS is enabled by default on all new installations.

5. Do network interactions use TLS and AES?

Sure, all interactions between our serves are TLS encrypted.

6. How do you manage vulnerabilities?

We use some applications to mitigate brute-force attacks, SQL injections, and unauthorized access to the data. As well as we have a bug bounty program.

7. How do you manage incidents and disaster recovery?

We allocate our servers in different geo locations, so it helps to prevent any network issues as well as serve user's requests from the closest location to a customer.

8. Any other security information you think might be useful for our committee to approve this product?

We do our best to provide secure service for customers.

If you haven't found the answer to your question, please, contact our support team:

https://cleantalk.org/my/support/open