ClickGuard
This Data Security Policy (“Policy”) explains the security measures ClickGuard Inc (“ClickGuard”, “us”, “we” or “our”) employs to protect the content posted in private Workspaces (as such term is defined in our Terms of Service at https://www.clickguard.com/terms-of-service) on our website (the “Site”). ClickGuard is committed to ensuring the security of its platform in compliance with GDPR, CCPA, ISO 27001, and applicable cybersecurity standards. Our policies and procedures are continuously reviewed to ensure the highest level of compliance with evolving data security and privacy regulations.
All content posted in your account is designated as private. This means that users who have not been invited to join your ClickGuard account are not allowed to see the data posted there. Only the authorized users whom you invite to your account via the sub-accounts feature have access to your data.
ClickGuard does not claim ownership over customer data. Customers retain full ownership of all data processed and stored within their ClickGuard accounts. As per GDPR (Art. 4(7) & 4(8)), customers act as the Data Controller, while ClickGuard operates as the Data Processor, ensuring compliance with all applicable data protection regulations.
ClickGuard uses GCP (Google Cloud Platform) to host its software, which is delivered from SSAE16-audited data centers located in the United States. We periodically store encrypted snapshots in distributed geographic regions for disaster recovery.
ClickGuard is committed to protecting user accounts through strong authentication and access controls. Our security policies include:
Use passwords with a minimum length of 8 characters, including uppercase, lowercase, numeric, and special characters.
ClickGuard has security measures in place to prevent brute-force attacks and unauthorized access.
ClickGuard supports SSO with OAuth 2.0 for enhanced authentication security. Users signing in through SSO do not need to provide a separate password, as authentication is handled by the respective platform.
Users who do not use SSO must provide an email address and password to begin a session with ClickGuard.
ClickGuard employs 24/7 security monitoring with automated anomaly detection and intrusion prevention systems (IPS). All administrative access, user authentication logs, and security events are stored for a minimum of 12 months to comply with ISO 27001 logging requirements. Customers may request a security log export upon written request. Authorized employees have access to the production network and hosts, and all access is logged and monitored.
ClickGuard uses GCE (Google Compute Engine) for virtual machines. We build machine images that install only the software necessary to operate the Site. Our provisioning and configuration of GCE virtual machines are fully automated and repeatable. We promptly apply security updates to production hosts.
ClickGuard uses the Google Cloud Storage Standard for file storage. All files are encrypted at rest. We store an encrypted copy in another geographic region for disaster recovery purposes.
ClickGuard encrypts all customer data at rest using AES-256 encryption, the industry standard for secure data storage. For data in transit, ClickGuard enforces TLS 1.3 encryption to maintain end-to-end security for customer communications. Any sensitive data shared between users and ClickGuard is securely hashed and stored with cryptographic integrity protections.
ClickGuard maintains a structured Incident Response Plan (IRP) in compliance with GDPR Art. 33 and NIST Special Publication 800-61. In the event of a data breach impacting customer data, affected customers will be notified within 72 hours as required by GDPR. ClickGuard follows industry-standard forensic investigation practices and will provide a detailed post-incident report upon request.
ClickGuard guarantees 99.9% Service Level Agreement (SLA) uptime under standard operating conditions. In the event of system failures, our Disaster Recovery Plan (DRP) ensures:
Recovery Time Objective (RTO): 2 hours
Recovery Point Objective (RPO): 15 minutes
ClickGuard enforces mandatory security training for all employees, developers, and system administrators. Employees handling customer data undergo quarterly cybersecurity awareness programs to prevent social engineering, phishing attacks, and credential theft. We conduct annual compliance audits to verify adherence to security policies.
ClickGuard may utilize third-party sub-processors for data processing. A full list of approved sub-processors can be accessed in our Data Processing Agreement (DPA). All non-EU data transfers are conducted under the Standard Contractual Clauses (SCCs) (2021/914/EU) and the EU-U.S. Data Privacy Framework. Customers are encouraged to review the DPA before engaging with ClickGuard services.
Please refer to our Terms of Service at https://www.clickguard.com/terms-of-service for information on how the ClickGuard service is delivered.
Have a concern? If you have any questions about the security of ClickGuard, please contact us at https://www.clickguard.com/contact-us/.