secure-icon

Secure from Day 1

ClearFeed was built from the ground up by an experienced team with security, privacy, and compliance prioritized from day one.

aicpa-soc

SOC2 Type 2 Certified

The most comprehensive certification that our system is designed to keep our customers’ sensitive data secure.

key-icon

Secure encryption of data

All customer data is encrypted at rest and in transit, and access is protected behind your enterprise SSO.

Security Overview

Infrastructure Security

  • Our infrastructure is hosted on AWS in the us-east-1 region across three availability zones.
  • By default we block all traffic at a network level and only open specific ports as required to deliver the ClearFeed service.
  • Any escalated access to infrastructure requires VPN or a whitelisted IP with 2-factor authentication.
  • We use AWS GuardDuty to detect unsual traffic and unauthenticated access to our critical systems.
  • Host-based intrusion detection systems are in active use.

Data Encryption

  • All critical data that we store is encrypted at rest and in transit.

Failover and disaster recovery

  • All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over three different availability zones in the us-east-1 AWS region.
  • We have a disaster recovery plan which is reviewed every 6 months and a tabletop exercise is conducted by the management to verify that the plan is up to date.

Inventory and configuration

  • Infrastructure is kept as code using Terraform, and other infrastructure-as-code tools with changes going through a process very similar to the application-level software development process. We make use of separate infrastructure for development, staging and live environments, with no sharing of data between environments.

Identity and Access Control

  • Access to all of our critical systems require 2FA authentication to sign in.
  • Access to customer data is limited to authorized employees who require it for or operational and maintenance activities.
  • Access to sensitive production data is limited to just the devops team.

Monitoring and logging

  • We do extensive monitoring of infrastructure and application performance, which usually allows us to detect issues before many customers experience them.
  • Automated alerts are set up with the help of Sentry. All alerts are acknowledged within 10 minutes.

Penetration Testing

  • We perform annual application-level penetration tests via an independent third party.
  • Our aim is to fix any discovered critical issues within 2 business days, and high-severity issues within 30 business days.
  • Medium-severity and lower-severity issues are handled as part of ongoing security work.
  • Please email security@clearfeed.ai to get a copy of our penetration testing report.

Incident response

  • ClearFeed implements a protocol for handling security events and other operational issues which includes escalation procedures, rapid mitigation, and post-mortems.
  • You can visit our status page to get updates on any potential issues, and even subscribe to automatic updates.

Compliance

  • ClearFeed is SOC2 Type 2 compliant.
  • To get a copy of our SOC2 compliance report, please email security@clearfeed.ai.

Security questions or issues?