Clipule Logo

Security

Date of Last Revision: June 2023

Technical security

At Clipule, we treat privacy and data security as our top most priority. Here, we have documented some of the ways we make sure your information is always safe and secure when you’re using Clipule.

If you have specific questions, please don’t hesitate to get in touch with us at support@clipule.com.

Server-side Encryption

At Clipule your at-rest data and metadata is encrypted under the 256-bit Advanced Encryption Standard before it is written to disk, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Transport Layer Security

To protect your data as it travels over the Internet during read and write operations, Clipule uses Transport Layer Security (HTTPS).

Robust Access management

Access to user data on Clipule is maintained via strict database level security rules to protect privacy and data confidentiality. By default, authenticated users have access to their own data only. Users can opt to share their data with their teammates via shared projects or by choosing to invite ohter users explicitly.

Payment processing

All payment related services are provided by Stripe, which is certified as a PCI Level 1 Service Provider. Clipule does not and cannot store or access sensitive payment information.

Comprehensive Authentication Security

Clipule uses firebase authentication framework built by the same team that developed Google Sign-in, Smart Lock and Chrome Password Manager, Firebase security applies Google’s internal expertise of managing one of the largest account databases in the world.

Application Security

Clipule follows industry standard best practices for product development. All our releases and new features are thoroughly tested for security vulnerability before deployment.

In addition, Clipule is equipped with thorough internal logging and audit trail features that provide transparency into usage and access. With the help of Google’s infrastructure, we get alerted to and react quickly to all security concerns.

Clipule’s infrastructure is entirely hosted on Google Cloud Platform (GCP) which takes advantage of the same security model as Google Apps like Gmail and Search. A detailed whitepaper on security policy can be downloaded here:
https://services.google.com/fh/files/misc/google_security_wp.pdf

Data Center Physical Security

Clipule uses Google’s data centers and servers that are located in USA. These data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.

Moreover, these data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Clipule employees do not have physical access to these servers and data centers.

Data security

Encryption

All data on Clipule is automatically encrypted at rest and in transit. Any new data stored in persistent disks is encrypted under the 256-bit Advanced Encryption Standard (AES-256), and each encryption key is itself encrypted with a regularly rotated set of master keys.

During transit, all read and write operations on Clipule are protected using Transport Layer Security (HTTPS).

Access

The storage stack and secured layers of Clipule application require that incoming requests are authenticated and authorized. Data stored in our noSQL cloud database is protected by database level security rules and Google’s Identity and Access Management (IAM). Only authorized employees at Clipule have electronic access to user data.

Customer data is logically isolated from that of other customers and users, even when it’s stored on the same physical server. Only a small group of Google employees have access to customer data.

Disposal

User deleted data on Clipule is immediately wiped from our production database. Some critical deleted data like the project structure remains in our backup storage for 30 days, after which it is wiped from there as well. In the event that customers are unable to delete their data, they can also reach out to Clipule support to get their data wiped.

When retired from Google’s systems, hard disks containing customer information are subjected to a data destruction process before leaving Google’s premises.

Backups

All customer data and account content on Clipule is backed up regularly on a separate cloud storage.

Billing

Clipule does not store or transmit any sensitive payment data. All of our payment services are handled securely by our payments partner, Stripe, which is certified as a PCI Level 1 Service Provider.

You can read more about Stripe’s privacy and security policy here: https://stripe.com/privacy.

Privacy and GDPR

Clipule has the operational, product, and policy frameworks in place to support the rights and obligations under the General Data Protection Regulations (GDPR). Learn more about our GDPR initiatives here.