Your meetings, your data

Last updated on October 5, 2022. Clovers’ success as a hiring service provider relies on earning and keeping our Customers’ and Colleagues’ trust.  We take security seriously and built Clovers with security in mind. To help answer questions from our users about our security practices and what we’re doing to protect their data, we have laid out some of the most important things we do to protect your data and also what you can do to protect your own data when using Clovers.

 

What we do to protect your data:

security art

Data handling

We take handling your data very seriously. We classify all data, and our employees are trained on proper handling of your (and our) data. Our employees are granted access to systems that hold your data on a “need-to-know” basis (i.e. if required to perform their job). Employees who have access to systems that hold your data are required to use strong passwords and multi-factor authentication. 

Data encryption

Working with up-to-date framework releases, we use tried and tested modules, and apply fundamental security considerations to every aspect of our software design. 

  • SSL Encryption is used throughout our application
  • All data is encrypted in transit 
  • All databases and database backups are encrypted at rest
Monitoring

We actively monitor security issues and releases of our technical stack and deploy patches as quickly as possible. We utilize multiple types of logging to monitor the live (and past) state of our application to help detect and recover from any security events. We maintain a list of our vendors’ security policies and monitor our vendors for security breaches that could lead back to our application. 

  • Continuous resource and infrastructure access monitoring
  • Third-party web property scanning
  • Security testing is an essential part of our release process 
  • Annual employee privacy and data security training 
Team access management

We limit access to our systems and our data to only those who need it, operating on the principle of least privilege.

  • Unique logins are required for all business-critical systems
  • Defined access to different parts of our system
  • Customer and personal data access is limited by roles
  • Role-based access is regularly audited and updated
Standards and compliance

We are pursuing certifications and building to their specifications.  By starting with clear principles and frameworks, our policies and processes reflect a thoughtful approach to security and our everyday work.    

  • ISO  27001
  • GDPR
Secure servers

Your data is securely backed up on a regular basis. And we never move user data out of the secured environment for testing or any other reason. 

Doing the right thing

We strive to always do the right thing, and we do this by keeping our technical stack, our application, and our business processes lean and free of unnecessary complexity. We automate as many testing, deployment, and backup processes as possible to reduce any human error. All new code is seen by at least two pairs of eyes and evaluated against our secure coding standards. We regularly tear out code that has reached the end of its usefulness to keep our application simple, elegant, and secure.

Even more

This is not a comprehensive list of the security measures we keep to safeguard your data. If you have any more questions, please contact us; we’re glad to answer any and all of your questions. Email us at [email protected]

 

What you can do to protect your data:

Managing users manually

Manually adding and removing users and permissions can often be overlooked and are a common source of unauthorized access to data (i.e. it can be easy to forget to remove an employee from Clovers when they leave your organization). To prevent this, we recommend automatically managing users. 

Learn about privacy settings

Different companies have different demands, as do privacy settings. Clovers provides many options when it comes to privacy, but this means that you need to ensure you understand and are using our application in a way consistent with your requirements. For any privacy concerns, you can take a look at our privacy policy here. Feel free to email us with any additional questions at [email protected].

Reporting security issues

If you believe you’ve found something in Clovers that has security implications, please email them to follow our Responsible Disclosure Policy.