Data Privacy and Security

High Growth Teams Trust CleverTap with Security, Scale and Compliance

Data Security
HIPAA BAA Data Retention
Role Based
2 Factor
Restricted IP
AWS Instances

Enterprise-Grade Security

Over 8,000 customers rely on CleverTap to execute on their mobile engagement strategies everyday. Our security and risk management processes safeguard each customer’s data within their own silo, strictly restricting any movement of data between clients and thereby ensuring there is no inadvertent access to data other than yours.

CleverTap leverages two-factor authentication, inflight data security across devices, formal change management policies and up-to-date security protocols on the dashboard and across all API endpoints to ensure that customer security is not compromised.
Enable Physical and Network Security

Enable Physical and Network Security

We maintain data-centers on AWS that are fully compliant with a range of certifications for industry-specific applications. We do not store any data off-site outside of AWS and do not use any off-site physical storage facilities. We follow best practices to protect the network perimeter, including maintaining redundant DNS servers and a denial-of-service (DoS) prevention and mitigation system. Antivirus and a host-based intrusion detection system (IDS) are used on all production servers. For more information on AWS security best practices, visit: AWS Security

Encrypting Data at Rest and Data in Motion

CleverTap performs encryption at all incoming and outgoing data collection endpoints. The most up-to-date TLS protocols with SHA256 algorithms are used to handle communications between CleverTap and customer applications. The data key used for encryption is itself encrypted using a unique customer master key and stored securely on the disk. The customer management key is stored securely using FIPS 140-2 validated hardware security modules and is never transmitted outside of EU, where our data centers are based.
Encrypting Data at Rest and Data in Motion
Ensuring Strict Access Control

Ensuring strict Access Control

CleverTap takes preventive measures to ensure that its internal systems are accessed by employees on a need-to-know basis based on least-privilege, and via VPN. Additionally, to access the CleverTap dashboard, every CleverTap end-user requires a unique user ID and password, along with two-factor authentication and role-based, thus reducing the risk associated with account compromise. This access model is enforced on each end-user session. CleverTap requires passwords to be at least eight characters in length and must be rotated every 90 days for additional security. CleverTap passwords use PBKDF2 (Password-Based Key Derivation Function 2) with HMAC (hash-based message authentication code) along with a salt value and the SHA-1 algorithm.

User Privacy

CleverTap is committed to protecting customer data at all times. CleverTap has a formal Privacy Policy in place to protect user access at all times. With best-in-class security standards, CleverTap restricts access based on least-privilege while at the same time allowing customers to easily manage their user data. We have also established best practices so our customers can easily access their user content and determine how it is stored and processed through CleverTap’s user permission controls and approval workflows.

Business Continuity and Disaster Recovery

CleverTap’s infrastructure scales automatically for ebbs and flows in traffic. Our proprietary technology is custom-built and allows us to provide high availability and rapid recovery in the event of an issue. We are not reliant on any external launch cycles or product updates to improve performance. Our infrastructure is connected with multiple network carriers to dynamically respond to each request with the best connectivity in order to ensure reliable and continuous availability of critical resources at all times. All data backups are protected by stringent role-based access control restrictions. Data is replicated periodically to provide state-of-the-art fault-tolerance, highly responsive recovery, and scalability at all times.


CleverTap is committed to maintaining strong data protection commitments while also ensuring that we provide our customers with the tools required to comply. By maintaining a shared responsibility with AWS, CleverTap is able to maintain fully compliant data centers that allow sensitive data to be stored securely.
General Data Protection Regulation

GDPR – General Data Protection Regulation

CleverTap welcomes the opportunity to deliver better customer experiences in preparing for the General Data Protection Regulation (GDPR). CleverTap is compliant with GDPR and is taking the necessary steps to help our customers manage compliance related features and capabilities. We have added enhancements to our product functionality and updated our documentation to help you better handle the GDPR requirements. Among other things, these updates will support you in offering data privacy to your application’s end users and easily facilitate user requests to exercise individual data subject rights.

Why our customers love us

We Drive Measurable Growth

Helping our customers succeed
View our Customers
  • BookMyShow Screenshot

    With campaigns triggered by user behavior


    On personalized push notification campaigns

    “CleverTap’s impact is clear. Our conversions and traffic have increased over 50% in the last several months. CleverTap is a trusted partner for BookMyShow. Their advanced mobile CRM lets us implement complex yet easy-to-set-up automated campaigns for our users.”
    Marzdi Kalianiwala
    Head – Marketing & BI, BookMyShow
    See Case Study
  • Lenskart Screenshot
    68%Higher Engagement

    With personalized push notifications

    75%More Efficient Campaigns

    With actionable insights

    “CleverTap offers the perfect mix of analytics and engagement, with actionable analytics and ease-of-use. With live user segments and real-time data, we always have our eye on the CleverTap dashboard to understand which users are dropping off and which campaigns need to be optimized.”
    Manan Bajoria
    Head of Growth Marketing at Lenskart
    See Case Study
  • Hotstar Screenshot

    With event-centric campaigns


    Using data-based insights from Pivots

    “CleverTap’s data-driven mobile marketing suite continues to play a crucial role in our growth. Using CleverTap we have been able to run omnichannel campaigns for a diverse set of use cases.”
    Mihir Shah
    VP of Product & Marketing Growth, Hotstar
    See Case Study
  • Cleartrip Screenshot
    8-10%Monetization Rates

    By delivering personalized multi-channel messaging

    5xMore Cross-Sells

    By using Live User Segments

    “Cleartrip is building a culture of digital transformation by combining cross-functional data. CleverTap’s marketing growth platform enables us to correlate data across devices and engagement channels for a KPI driven customer engagement strategy.”
    Suman De
    Director of Product Management, Cleartrip
    See Case Study