CloudCover Security & Privacy Policy

CloudCover is committed to the highest security and privacy standards for your data

Security Overview

CloudCover understands that the availability and security of our customers’ information are vital not only to their daily business operations but also to our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our systems and processes to meet the growing demands and challenges of security.


Best Practices

CloudCover is dedicated to ensuring our customers are secure when accessing our software. With security threats on the rise, we strongly encourage customers to take action to help prevent unauthorized access to their CloudCover account.

As a CloudCover admin, there are preventative steps that you can take to make the experience as secure as possible. The following are some of the security features available in the CloudCover portal, which provide additional layers of end-user validation or authentication.

Security Monitoring

Our Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.

Secure Employee Systems

One of your goals is to keep email fraud from reaching your users in the first place. To help do that, secure all computers used by your employees.

  • Update all users to the latest browser version.
  • Make sure you whitelist the CloudCover.it IP address.
  • Install and maintain desktop protection software on all user machines and keep all applications and definitions up to date.

Strengthen Password Policies

You can make passwords more secure and harder to break by requiring users to define complex passwords and setting up password expirations.

Privacy Policy

LAWS

Global Privacy Law Landscape

Over the past several years, numerous laws and frameworks have emerged globally that govern the handling of personal information, including the following:

  • United States
    • Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
    • Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)
    • Numerous state breach notification laws
  • Canada
    • Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
    • Numerous provincial privacy laws affecting the public and private sectors
  • European Union
    • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive)
    • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications (EU E-Privacy Directive)
  • Asia Pacific
    • Japan Law on Protection of Personal Information of 2003
    • Asia-Pacific Economic Cooperation (APEC) Privacy Framework

Although the requirements of these laws and frameworks vary greatly, some common themes have emerged, such as notice, choice, access, and security:

  • Notice: What information must be provided to individuals about how their data may be used and who it may be shared with? When must this notice be provided to individuals? In what manner must this notice be provided?
  • Choice: What choices are individuals offered in terms of what information about them is collected and how such information is used?
  • Access: Are individuals given the opportunity to access information maintained about them? Can individuals request that their information be amended or deleted?
  • Security: Are organizations that handle personal information required to protect such information using administrative, technical, and physical safeguards?

CloudCover’s customers solely determine what data is submitted to the CloudCover service as customer data. With respect to such data, CloudCover acts as a data processor. In our role as a processor of customer data, CloudCover addresses the general privacy principles described above in the following ways:

  • Notice, Choice & Access: CloudCover generally does not have a direct relationship with individuals whose personal data is submitted by customers to the CloudCover service as customer data. CloudCover does not collect personal information on behalf of our customers, and CloudCover does not determine how our customers use such data. Additionally, CloudCover’s customer contracts generally prohibit CloudCover from accessing customer data except under limited circumstances.
    • Compliance with the Notice, Choice, and Access principles is based on cooperation between CloudCover and our customers. For example, CloudCover’s contracts with our customers state that customers are responsible for the accuracy, quality, integrity, reliability, and appropriateness of data submitted to the CloudCover service and that customers must comply with applicable laws in using the CloudCover service.
  • Security: CloudCover maintains appropriate administrative, physical, and technical safeguards to help protect the security, confidentiality, and integrity of data our customers submit to the CloudCover service as customer data. CloudCover’s customers are responsible for ensuring the security of their customer data in their use of the service.

PROTECTION

Policies

CloudCover has privacy and security-conscious policies that apply to all of our information handling practices.

  • Contractual Privacy Protection for Customers
    • CloudCover’s contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer data, except under certain narrowly defined circumstances, such as when required by law.
    • CloudCover agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law.
  • Code of Conduct, Confidentiality Agreements, and Information Security Policies
    • Every CloudCover employee and contractor must follow CloudCover’s code of conduct, sign confidentiality agreements, and follow CloudCover’s information security policies.

Privacy Statement
  • For information collected on CloudCover’s Web site, cloudcover.it provides assurances around the types of information collected, how that information may be used, and how that information may be shared.
  • CloudCover offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications.
  • CloudCover offers individuals the opportunity to update or change the information they provide.

Practices

CloudCover’s comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.

  • Internal Training and Communications for CloudCover Personnel
  • Customer End User Awareness
    CloudCover strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.
    • We communicate with our customers about current issues and trends through our Trust web site.
    • We email end users about specific security issues when warranted.
    • We publish a Security Implementation Guide for customers to learn more about how to implement customer-controlled security settings. The Security Implementation Guide is available in the Help & Training section of the CloudCover service.
    • The Security section of the Trust Web site includes a security webinar and various security-related white papers.

People

CloudCover has multiple individuals responsible for security and security-related matters. Additionally, all CloudCover personnel are required to follow CloudCover’s confidentiality, privacy, and information security policies.

Technology

CloudCover maintains a comprehensive array of technical measures to protect the CloudCover service and offers a robust set of customer-controlled settings to further heighten privacy and security protection.

Default Privacy and Security Features
  • Application features that protect customer data:
    • Connection to the CloudCover service is via Secure Sockets Layer/Transport Layer Security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
    • Customer passwords are not accessible by CloudCover personnel.
    • Application logs record the creator, last updater, timestamps, and originating IP address for every record and transaction completed.
  • Logical separation of customer data:
    • Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
    • Multitenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.
    • The CloudCover service supports delegated authentication.
  • Redundancy and Scalability
    • The CloudCover service is highly scalable and redundant, allowing for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages.
  • Disaster Recovery
    • All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore the CloudCover service in case of an emergency.
  • Backups
    • In addition to our disaster-recovery capabilities, customer data is also backed up in the cloud.

Customer-Controlled Privacy and Security Settings
  • Customers may determine which of their respective designees can access different categories of data.
  • Customers may set customizable password rules.
  • Customers may define log-off times for inactivity.
  • By default, CloudCover’s Identity Confirmation feature automatically recognizes whether a user is logging in from an IP address or device that has been previously used. Unrecognized IP addresses or devices prompt identity re-verification.