Keep track of your decisions in Slack without sharing your channel histories or cluttering your workspaces with unnecessary messages.
We make that simple promise because trust is the foundation of our company and our product. Your decisions are important, and your privacy and data security are our most important priority.
We follow strict principles and privacy policies, going above and beyond to ensure we always meet and typically exceed industry standards for protecting your data.
SOC 2 Type 1
Certified Trust Services Principles
EU/US Privacy Shield
Certified Data Privacy Practices
GDPR
General Data Protection Regulation
Your Decision Security Is Our Top Priority
Infrastructure Security
Hosting & Service Providers: Cloverpop is hosted on Heroku using Amazon Web Services (AWS) cloud infrastructure. You can learn more about Heroku’s security here. You can learn more about Amazon’s security here.
Encryption In Transit & At Rest: All of your Cloverpop data is sent via HTTPS with 256-bit encryption. Cloverpop gets an “A+” rating from Qualys SSL Labs. We encrypt all at-rest data in our production database and all backup versions.
Billing: Cloverpop’s credit card processor, Stripe, is certified to PCI Service Provider Level 1. This is the most stringent level of certification available. You can learn more about Stripe's security here.
Application Security
Authentication: Cloverpop authentication is handled by Slack. You can enable single sign-on (SSO) and 2-factor authentication (2FA) on your Slack account for an added layer of security. You can learn more about Slack’s security here.
Email Verification: For accounts set up with email, we verify that email address belongs to you and store your password in a secure hash according to industry standards.
Permissions: Cloverpop adheres to your Slack workspace content and channel permissions for decision access. In addition, Cloverpop has permission settings within the app for administering user roles and billing management.
Operational Security
Confidentiality & Authentication: Access to customer data is strictly limited to authorized employees whose job functions require it. All Cloverpop employees sign confidentiality agreements. Additionally, 2FA and strong password policies are used to protect access to all cloud services that touch customer data.
Security Policies & Incident Response: Cloverpop has comprehensive security and awareness policies, and documented security response procedures. These policies and procedures are updated as necessary, audited regularly and shared with all employees.
Continuous Improvement: All new product features and internal processes are peer-reviewed and evaluated for their security impact before they are released to production. We continuously monitor and improve our security practices.
Continuity and Availability
Backups & Data Recovery: Everything stored on Cloverpop is backed up daily. We have documented recovery procedures to restore from backup within an hour. You may also export your Cloverpop decision content via CSV at any time.
Availability: Cloverpop is a high-availability service that our customers can trust. We have 12-month total uptime of 99.98%, and over 99.99% uptime excluding planned maintenance windows. If incidents do arise, we resolve them as quickly as possible and keep our customers informed on our Cloverpop Community Slack workspace. Cloverpop is hosted in US facilities with automatically scaling hosting infrastructure and established disaster recovery procedures.
