Clinch Security
Keeping our customers’ data secure is the most important thing that Clinch does.
We go to considerable lengths to ensure that all data sent to Clinch is handled securely — keeping Clinch secure is fundamental to the nature of our business. We want to share some of the details of what we do to keep things secure.
Our Team
Our team includes people who’ve played lead roles in designing, building and operating highly secure Internet-facing systems, including Internet Banking platforms, cloud services and payment processing systems, for companies such as banks and telecom operators.
We host in world-class facilities
All of our services and data are hosted in Amazon Web Services facilities. Further details about the considerable measures Amazon take in securing their facilities and services can be found here: https://aws.amazon.com/security/ and https://aws.amazon.com/compliance/
Auditing changes
All changes made to our production system are logged to a dedicated audit service. This audit service is provided by the AWS CloudTrail product.
Service personnel access
Access to production systems is granted on an as-needed basis. Access can only be approved by the Clinch CTO.
Service personnel use the AWS Identity and Access Management (IAM) service to access relevant services within our production environment. Passwords are expired and rotated on a 30-day basis.
Additionally, all service personnel IAM accounts are protected by Two Factor Authentication, which provides protection even in the unlikely event of an account password being compromised. All access and changes are audited by the audit service.
External security and penetration testing
We engage independent third-party security and penetration testing on a regular basis to ensure the security and resilience of our service.
Additionally, some of our customers perform their own security tests regularly, and this is something we encourage and co-operate with.
Subprocessors
Clinch thoroughly assesses the security posture of third parties it uses to process personal information as part of its services. A list of these third parties can be found here.