Data Security

PHYSICAL SECURITY

We only store your data with the Third Party Processors listed in its respective section. Their data centers are co-located in own operated or some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry. Security controls provided by these facilities includes but is not limited to:

• 24/7 Physical security guard services
• Physical entry restrictions to the property and the facility like biometric identification, metal detection, vehicle barriers, laser-based intrustion detection systems
• Full CCTV coverage externally and internally for the facility
• Battery and generator backup
• Generator fuel carrier redundancy
• Secure loading zones for delivery of equipment
• Cryptographic authentication and authorization at the application layer for inter-service communication (Google Cloud)
  

INFRASTRUCTURE SECURITY

Clym's infrastructure is secured through a defense-in-depth layered approach. Access to the infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

Access Logging

Systems controlling the network at Clym log to our centralized logging environment to allow for performance and security monitoring. 

Security Monitoring

Clym's Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.

Employee Access

Our technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.

Backup Security

Backups are stored encrypted on an internal non-publicly visible network using highly-durable storage systems and services.

PAYMENT DATA SECURITY

Credit / debit card purchases for Clym services are processed by the third-party vendor Stripe. When our customers provide their credit / debit card information on our website the data is sent to Stripe, i.e., the payment data is not stored on our systems. Stripe powers online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.