Our Security Commitment

At Cleanetto, customer trust is our #1 priority.

We maintain the highest standards of data privacy and security because we know how important it is to keep your employee data secure. Cleanetto undergoes regular penetration testing and security reviews, is designed to be GDPR compliant, and encrypts data at rest and in transit.

Our customers entrust sensitive data to our care. Keeping it secure is our promise.

Secure and Reliable Infrastructure

Cleanetto uses Amazon Web Services (AWS) to host its staging and production environments. AWS data centers are protected by 24×7 security, biometric scanning, and video surveillance, and are SOC 1, SOC 2, and SOC 3 certified.

World Class Application Security

Data Encryption

Data is encrypted in transit using bank-grade TLS 1.2. Data is encrypted at rest using 256-bit encryption via native AWS capabilities.

SSO

Single Sign-On (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials. All our plans include SSO via SAML 2.0 and OAuth at no extra cost.

Data Permissions & Authentication

Access to customer data is limited to authorized employees who require it for their job, and data access is logged.

Incident Response

Security breaches will be communicated within 48 hours, and vulnerabilities are fixed ASAP.

Enterprise Ready Compliance

EU GDPR

Cleanetto is GDPR compliant. Organizations that are in the EU or that employ EU-based individuals can rest assured that Cleanetto is handling their personal information in compliance with the latest EU laws.

SOC 2 Type II

Cleanetto is SOC 2 compliant. Cleanetto has been audited by an independent firm that has confirmed that Cleanetto meets the requirements set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity and Confidentiality.

Ongoing Commitment to Security

Penetration Tests

Cleanetto works with industry-leading security firms to perform bi-annual network and application layer penetration tests.

Employee Trainings

Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Secure Software Development

Cleanetto utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Security Team

Cleanetto employs staff responsible for reviewing, updating, testing and maintaining our security and privacy policy.

Cleanetto Responsible Disclosure Policy

Data security is a top priority for Cleanetto, and Cleanetto believes that working with skilled security researchers can identify weaknesses in any technology. If you believe you’ve found a security vulnerability in Cleanetto’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@cleanetto.com. We will acknowledge your email within five business days.

Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Cleanetto service. Please only interact with domains you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Cleanetto employees or contractors
  • Any attacks against Cleanetto's physical property or data centers

FAQ

Where’s the data being stored?

Customer data is stored in the United States. We use Standard Contractual Clauses (SCC) to cover regulatory requirements for European customers.

What else do you do to keep customer data secure?

Customer data is stored in the United States. We use Standard Contractual Clauses (SCC) to cover regulatory requirements for European customers.

How often is data backed up?

All data is persisted in a database that has transaction logging enabled and is fully backed up daily.

Does Cleanetto require any plugins and what browser is required?

Cleanetto works with all modern browsers without any plugins.

What’s your historical uptime?

We publish system uptime and historical uptime here:

Thank you for helping to keep Cleanetto and our users safe!

We may revise these guidelines from time to time. The most current version of the guidelines will be available at