Data is encrypted at rest in our database using AWS RDS, giving your data another layer of protection. AWS RDS encryption uses a AES-256 encryption algorithm to encrypt your data.
Passwords are salted and hashed, never stored in the clear. This is stored in such a way that it makes the original password permanently irretrievable. We also encourage safer password practices that provide added protection. We never store or log your password in plain text.
We support (and encourage) Clarify users to use our two factor authentication feature for additional user account protection.
We perform ongoing security and privacy checks to ensure that you and your team members can only see what they are supposed to.
As part of our privacy measures all users within an organization are assigned a role which determines what information is available to them. This provides an added layer of privacy and ensures confidentiality is maintained.
At this time Clarify has not yet completed a SOC 2 audit and certification, however from the inception, Clarify been built with adherance to the expectations of compliance with established security policies and procedures.
We use Stripe as our payment processing provider. Through our integration with Stripe, Clarify falls into the Level 4: SAQ A-EP compliance category. All payment processing is outsourced to Stripe, which is a PCI DSS validated processor. No electronic storage, processing, or transmission of cardholder data occurs on Clarify's systems or premises.
We use AWS for data storage. AWS maintains several industry-recognized certifications, including ISO, SOC, PCI, and more.
All browser connections and communications are transmitted over SSL (TLS) and HTTPS, encrypted while ensuring data privacy and integrity. Our SSL certificates are signed with SHA256 using a ECC algorithm.