Security

1. Our Commitment To Security

Closers is a new community that champions sales professionals, entrepreneurs, & hustlers through competitions and exclusive content. Closers is constantly working to preserve our industry leading security program and remain current with state of the art security practices. Here at Closers, we are committed to inspiring trust and protecting the privacy of our users' data so our users can concentrate on their business. It is this commitment that motivates our decision making every day and our team holds this responsibility in the highest regard.

2. Data Security Practices

2.1. User Authentication

User authentication prohibits unauthorized access to your profile data on Closers by making sure each signed in user is who they say they are. Each user is able to access their profile with a unique email and password that must be entered each time a user signs in. Closers issues a session cookie to record encrypted user authentication information for the duration of an individual session.

2.2. Application Level Features

Closers’ applications encourage users to carry out secure behavior while using our features wherever possible. For example, Closers does not store user sales activity data directly. Instead, Closers converts sales activity data to categorized points before storage and use throughout the application. This approach minimizes exposure to our users' sensitive business data. The Closers development team is constantly working on ways to improve our features to encourage secure behavior and we actively encourage our users to submit their ideas for consideration.

3. Security Assessments and Compliance

Closers' security program as a whole is audited quarterly. Closers’ application and data hosting system is accredited under major privacy and security standards. Closers’ data management system is GDPR and CCPA compliant. Closers’ payment processing infrastructure is PCI Level 1 compliant for encrypting and processing customer credit card payments.

3.1. Data Centers

Closers’ physical infrastructure is hosted and managed within Google and Amazon's secure data centers. They continually manage risk and undergo recurring assessments to ensure compliance with industry standards. Their data center operations have been accredited under:

  • ISO 27001 (both)
  • SOC 1 (both)
  • SOC 2 (both)
  • SOC 3 (Google)
  • FISMA Moderate (Amazon)
  • Sarbanes-Oxley (Amazon)

3.2. Payment Processing

Closers’ payment processing infrastructure is PCI Level 1 compliant for encrypting and processing customer credit card payments. This is the most stringent level of certification available in the payments industry. All card numbers are encrypted with AES-256.

3.3. Data Management

The General Data Protection Regulation (GDPR) is a European privacy regulation which replaces the EU Data Protection Directive called Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law. We are big fans of GDPR here at Closers because we think it gives individuals important rights over their data. Closers is committed to always operating in the best interests of our customers and this includes compliance with GDPR. Closers' policy regarding GDPR compliance can be viewed at our [Data Protection & GDPR page](https://www.closersapp.com/gdpr).

4. Penetration Testing and Physical Security

4.1. Penetration Testing

Closers' infrastructure, application, and operations are manually penetration tested on a continual basis. The results are constantly reviewed with the assessors, risk ranked, and assigned to the appropriate team.

4.2. Physical Security

Closers utilizes certified data centers managed by Google and Amazon. Their data centers are protected with several layers of security to prevent any unauthorized access to your data. They use secure perimeter defense systems, comprehensive camera coverage, biometric authentication, and a 24/7 guard staff. They are located in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. For additional information see: google.com/about/datacenters/data-security/ and aws.amazon.com/security

5. Network Security

Firewalls are used to restrict access to systems from external networks and internally between systems. All access is denied by default, and only explicitly permitted ports and protocols are allowed based on need. Each system is assigned to a firewall security group based on the system’s function. To reduce risk, security groups restrict access to only the ports and protocols required for a system’s exact function. Host-based firewalls restrict applications from creating localhost connections over the loopback network interface to additionally isolate applications. Host-based firewalls also provide the ability to further limit inbound and outbound connections as needed. Closers' infrastructure also provides DDoS mitigation, IP/MAC/ARP spoofing protection, packet sniffing protection, port scanning protection, and more.

6. Application Scanning and Security

6.1. Vulnerability Scanning and Protection

Our continuous vulnerability scanning infrastructure not only uses runtime monitoring for threats and anomalies, but also enables protection across an extensive array of attack vectors such as mixed content protection (assets encryption), data encryption strength (TLS), cookie tampering protection, blocking reflected XSS, restricting the browser from loading unapproved external assets, cookie exposure protection, real-time XSS protection, real-time SQL injection protection, network services filtering, real-time DDoS protection, iframe rendering protection, MIME confusion protection, account takeover protection, and more. Furthermore, because Closers can identify vulnerabilities in real-time, instant notifications with full stack traces and severity levels will alert our team when security incidents occur. Closers’ risk management system then integrates the results to produce the level of risk and required remediation time frame for the appropriately assigned team.

6.2. Encryption

All sensitive data transferred to and from the Closers platform is encrypted using industry leading security standards and token-based authentication. Closers uses a 2048 bit Industry Standard SSL Certificate with 99.9% browser compatibility and 128/256 bit encryption. Passwords are encrypted using a password hashing function and thus the password itself is not stored. Backups are stored in AES-256 encrypted buckets.

7. Backups

7.1. Application

Application data is automatically backed up as part of the deployment process on secure, access controlled, and redundant storage. These backups are used to automatically bring the application back online in the event of an outage.

7.2. Database

Customer data in the database uses Continuous Protection to keep data safe. Every change to your data is written to write-ahead logs, which are shipped to multi-datacenter, high-durability storage. In the unlikely event of unrecoverable hardware failure, these logs can be automatically 'replayed' to recover the database to within seconds of its last known state. We also provide you with the ability to backup your database to meet your own backup and data retention requirements.

7.3. Configuration and Meta-information

Configuration and meta-information is backed up every minute to the same high-durability, redundant infrastructure used to store database information. These frequent backups allow capturing changes made to the running application configuration added after the initial deployment.

7.4. Recovery

From our instance images to our databases, each component is backed up to secure, access-controlled, and redundant storage. Recovery consists of restoring databases to within seconds of the last known state, restoring system instances from standard templates, and deploying applications and data. In addition to standard backup practices, our infrastructure is designed to scale and be fault tolerant by automatically replacing failed instances and reducing the likelihood of needing to restore from backup.

9. Additional Information

Incident Response

Closers adheres to the GDPR’s requirement that notification occurs no later than 72 hours after breach awareness. Closers’ comprehensive Data Breach Response Plan is available upon request.

Disaster Recovery

Our platform automatically restores applications and databases in the case of an outage. The platform is designed to dynamically deploy applications, monitor for failures, and recover failed platform components including applications and databases. Closers’ comprehensive Disaster Recovery Plan is available upon request.

Privacy

Closers has a published privacy policy that clearly defines what data is collected and how it is used. Closers is committed to customer privacy and transparency. For more information on privacy, view our privacy policy.

Employee Screening & Policies

As a condition of employment all Closers employees undergo pre-employment background checks and agree to company policies including security and acceptable use policies and training.

Contact

Our detailed Data Security Policy & Practices, Business Impact Analysis, Data Breach Response Plan, Business Continuity Plan, Disaster Recovery Plan, and other security policies and plans are available upon request. If you have any questions or feedback, please reach out to our support team by email at [email protected]