We maintain data centers on AWS that are fully compliant with a range of certifications for industry-specific applications. We do not store any data off-site outside of AWS and do not use any off-site physical storage facilities. We follow best practices to protect the network perimeter, including maintaining redundant DNS servers and a denial-of-service (DoS) prevention and mitigation system. Antivirus and a host-based intrusion detection system (IDS) are used on all production servers. For more information on AWS security best practices, visit: AWS Security
CleverTap takes preventive measures to ensure that its internal systems are accessed by employees on a need-to-know, least-privilege basis, and via VPN. Additionally, to access the CleverTap dashboard, every CleverTap end-user requires a unique user ID and password, along with two-factor authentication and role-based access control, thus reducing the risk associated with account compromise. This access model is enforced on each end-user session. CleverTap requires passwords to be at least eight characters in length and to be rotated every 90 days for additional security. CleverTap passwords are protected using PBKDF2 (Password-Based Key Derivation Function 2) with HMAC (hash-based message authentication code), the SHA-1 algorithm, and a salt value.
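As an added illustration (not CleverTap's code), salted PBKDF2 with HMAC-SHA-1 can be used to store and verify passwords as follows. The iteration count, salt size and record format are assumptions, since this page does not state them; only the eight-character minimum comes from the text above.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: the page gives no iteration count
SALT_BYTES = 16       # assumption: the page gives no salt size
MIN_LENGTH = 8        # from the page: at least eight characters
SCHEME = "pbkdf2_sha1"  # assumption: label for this example's record format


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2 with HMAC-SHA-1 as the pseudorandom function (20-byte output).
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    if len(password) < MIN_LENGTH:
        raise ValueError("password shorter than the eight-character minimum")
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = _derive(password, salt, iterations)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return f"{SCHEME}${iterations}${enc(salt)}${enc(digest)}"


def verify_password(password: str, record: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash) for a candidate password."""
    try:
        scheme, iter_s, salt_b64, digest_b64 = record.split("$")
        iterations = int(iter_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count, bad integer or bad base64
        return False, False
    # Reject unknown schemes and out-of-range work factors in stored records.
    if scheme != SCHEME or not 1 <= iterations <= 10_000_000:
        return False, False
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(_derive(password, salt, iterations), expected)
    # A valid login on an old, weaker record is the moment to re-hash it.
    return matches, matches and iterations < ITERATIONS
```

Because the iteration count and salt travel with each record, the work factor can be raised later and old records upgraded at the next successful login.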
CleverTap welcomes the opportunity to deliver better customer experiences in preparing for the General Data Protection Regulation (GDPR). CleverTap is compliant with GDPR and is taking the necessary steps to help our customers manage compliance-related features and capabilities. We have added enhancements to our product functionality and updated our documentation to help you better handle the GDPR requirements. Among other things, these updates will support you in offering data privacy to your application’s end users and easily facilitate user requests to exercise individual data subject rights.