Security / Privacy Policy

CloudCover is Committed to the Highest Security and Privacy Standards for Your Data

Security Overview

CloudCover understands that the availability and security of our customers' information are vital to not only their daily business operations but also, our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our systems and processes to meet the growing demands and challenges of security.


CloudCover understands that the availability and security of our customers' information are vital to not only their daily business operations but also, our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our systems and processes to meet the growing demands and challenges of security.


Our service is positioned in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:

Access control and physical security

  • 24-hour manned security
  • Biometric scanning for access
  • Dedicated Data Center rooms
  • Computing equipment in steel cages
  • Video surveillance throughout facility and perimeter
  • Tracking of asset removal

Environmental controls

  • Humidity and temperature control
  • Redundant (N+1) cooling system


  • Underground utility power feed
  • Redundant (N+1) CPS/UPS systems
  • Redundant power distribution units (PDUs)
  • Redundant (N+1) diesel generators with on-site diesel fuel storage


  • Concrete vaults for fiber entry
  • Redundant internal networks
  • Network neutral; connects to all major carriers and located near major Internet hubs
  • High bandwidth capacity

Fire detection and suppression

  • VESDA (very early smoke detection apparatus)
  • Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression

Secure transmission and sessions

  • Connection to the CloudCover environment is secure, ensuring that our users have a secure connection from their browsers to our service
  • Individual user sessions are identified with each transaction, using a unique token

Network protection

  • Perimeter firewalls and edge routers block unused protocols
  • Internal firewalls segregate traffic between the application and database tiers
  • A third-party service provider continuously scans the network externally and alerts changes in baseline configuration

Disaster Recovery

  • The CloudCover service performs real-time replication at each data center, and near real-time data replication between the production data center and the disaster recovery center
  • Data are transmitted across encrypted links
  • Disaster recovery tests verify our projected recovery times and the integrity of the customer data


  • All data are backed up to tape at each data center
  • The backups are cloned over secure links to a secure tape archive
  • Tapes are not transported offsite and are securely destroyed when retired

Internal and Third-party testing and assessments tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

Security Monitoring

Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.


CloudCover is dedicated to ensure our customers are secure when accessing our software. With security threats on the rise, we strongly encourage customers take action to help prevent unauthorized access to their CloudCover account.

As a CloudCover admin, there are preventative steps that you can take to make the experience as secure as possible. The following are some of the security features available in the CloudCover portal, which provide additional layers of end-user validation or authentication:

IP Restrictions
Limit unauthorized access by requiring users to login to CloudCover from designated IP addresses — typically your corporate network or VPN. Those who try to login to CloudCover from outside the designated IP addresses will not be allowed access.

Two-Factor Authentication
Two-Factor Authentication requires that all login attempts have both login credentials and a second authentication factor. Login attempts that do not have valid credentials from both sources will not be granted access to CloudCover.

Secure Employee Systems
One of your goals is to keep email fraud from reaching your users in the first place. To help do that, secure all computers used by your employees.

  • Update all users to the latest browser version.
  • Make sure you whitelist the IP address.
  • Install and maintain desktop protection software on all user machines and keep all applications and definitions up to date.

Strengthen Password Policies
You can make passwords more secure and harder to break by requiring users to define complex passwords and setting up password expirations.



Global Privacy Law Landscape
Over the past several years, numerous laws and frameworks have emerged globally that govern the handling of personal information, including the following:

United States

  • Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Financial Modernization Act of 1999 or Gramm-Leach-Bliley Act (GLB)
  • Numerous state breach notification laws


  • Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA)
  • Numerous provincial privacy laws affecting the public and private sectors

European Union

  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (EU Data Protection Directive)
  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications (EU E-Privacy Directive)

Asia Pacific

  • Japan Law on Protection of Personal Information of 2003
  • Asia-Pacific Economic Cooperation (APEC) Privacy Framework

Although the requirements of these laws and frameworks vary greatly, some common themes have emerged, such as notice, choice, access, and security:

Notice: What information must be provided to individuals about how their data may be used and who it may be shared with? When must this notice be provided to individuals? In what manner must this notice be provided?

Choice: What choices are individuals offered in terms of what information about them is collected and how such information is used?

Access: Are individuals given the opportunity to access information maintained about them? Can individuals request that their information be amended or deleted?

Security: Are organizations that handle personal information required to protect such information using administrative, technical, and physical safeguards?

CloudCover’s customers solely determine what data is submitted to CloudCover service as customer data. With respect to such data, CloudCover acts as a data processor. In our role as a processor of customer data, CloudCover addresses the general privacy principles described above in the following ways:

Notice, Choice & Access: CloudCover generally does not have a direct relationship with individuals whose personal data is submitted by customers to the CloudCover service as customer data. CloudCover does not collect personal information on behalf of our customers, and CloudCover does not determine how our customers use such data. Additionally, CloudCover’s customer contracts generally prohibit CloudCover from accessing customer data except under limited circumstances.

Compliance with the Notice, Choice, and Access principles is based on cooperation between CloudCover and our customers. For example, CloudCover’s contracts with our customers state that customers are responsible for the accuracy, quality, integrity, reliability, and appropriateness of data submitted to the CloudCover service and that customers must comply with applicable laws in using the CloudCover service.

Security: CloudCover maintains appropriate administrative, physical, and technical safeguards to help protect the security, confidentiality, and integrity of data our customers submit to the CloudCover service as customer data. CloudCover’s customers are responsible for ensuring the security of their customer data in their use of the service.



CloudCover has privacy and security-conscious policies that apply to all of our information handling practices.

  • Contractual Privacy Protection for Customers
    • CloudCover’s contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer data, except under certain narrowly defined circumstances, such as when required by law.
    • CloudCover agrees not to access customer's accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer's request in connection with a customer support issue, or where required by law.
  • Code of Conduct, Confidentiality Agreements, and Information Security Policies
    • Every CloudCover employee and contractor must follow CloudCover’s code of conduct, sign confidentiality agreements, and follow CloudCover’s information security policies.
  • Privacy Statement
    • For information collected on CloudCover’s Web site, provides assurances around the types of information collected, how that information may be used, and how that information may be shared.
    • CloudCover offers individuals the opportunity to manage their receipt of marketing and other non-transactional communications.
    • CloudCover offers individuals the opportunity to update or change the information they provide.


CloudCover's comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.

  • Internal Training and Communications for CloudCover Personnel
    CloudCover strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.
  • Customer End User Awareness
    CloudCover strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks.
    • We communicate with our customers about current issues and trends through our Trust web site.
    • We email end users about specific security issues when warranted.
    • We publish a Security Implementation Guide for customers to learn more about how to implement customer-controlled security settings. The Security Implementation Guide is available in the Help & Training section of the CloudCover service.
    • The Security section of the Trust Web site includes a security webinar and various security-related white papers.


CloudCover has multiple individuals responsible for security and security-related matters. Additionally, all CloudCover personnel are required to follow CloudCover's confidentiality, privacy, and information security policies.


CloudCover maintains a comprehensive array of technical measures to protect the CloudCover service and offers a robust set of customer-controlled settings to further heighten privacy and security protection.

Default Privacy and Security Features

  • Application features that protect customer data:
    • Connection to the CloudCover service is via secure socket layer/transport layer security (SSL/TLS), ensuring that our customers have a secure connection to their data. Individual user sessions are uniquely identified and re-verified with each transaction.
    • Customers passwords are not accessible by CloudCover personnel.
    • Application logs record the creator, last updater, timestamps, and originating IP address for every record and transaction completed.

  • Logical separation of customer data:
    • Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information.
    • Multitenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles.
    • The CloudCover service supports delegated authentication.

  • Network security measures:
    • Multiple layers of external firewalls
    • Intrusion-detection sensors
    • Security event management system
    • Continuous external vulnerability scanning

  • Redundancy and Scalability
    The CloudCover service is highly scalable and redundant, allowing for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages.

  • Disaster Recovery
    All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore the CloudCover service in case of an emergency.

  • Backups
    In addition to our disaster-recovery capabilities, customer data is also backed up to tape in a separate data center. Tapes are not transported offsite from this data center, reducing the risk of loss.

Customer-Controlled Privacy and Security Settings

  • Customers may determine which of their respective designees can access different categories of data.
  • Customers may set customizable password rules.
  • Customers may define log-off times for inactivity.
  • By default, CloudCover's Identity Confirmation feature automatically recognizes whether a user is logging in from an IP address or device that has been previously used. Unrecognized IP addresses or devices prompt identity re-verification. 

Take a look at CloudCover

Gartner - recognized CloudCover is completely unique to the marketplace and offers incredible value and control of your maintenance environment. If you’d like to learn more about the CloudCover Model and see our platform in action, click below. You’ll be contacted right away.