Security
ClickTime provides this information to better inform account administrators, users, and prospective customers. This list reflects our practices at the time this page was published, and we update our policies from time to time. This document is advisory only; it does not reflect a binding obligation to perform any particular security or backup function for any individual customer, nor is it a promise of what policies or procedures we might follow in the future.
Datacenter Physical Security
ClickTime’s datacenter is housed at a Tier 1 colocation facility. Advanced entry security, fire protection, and extensive backup power generation are provided at this facility. All access to the datacenter is controlled 24/7 by security guards and video surveillance. Additionally, our facility has been given SOC1 certification.
Data Security
The ClickTime servers reside behind industry-standard firewalls and security appliances. Only our customer-facing web servers have any ports exposed to the public Internet; all database systems are invisible to the outside world. All servers are monitored around the clock by three redundant systems. An alert is generated at any sign of intrusion, denial of service, or service outage, and any significant events trigger automated calls to on-call personnel 24 hours a day. All web servers and sites have 2048-bit SSL certificates issued by Network Solutions, verifiable by customers at any time.
Data Encryption
Sensitive data is encrypted with AES (the Advanced Encryption Standard), both at rest and in transit. Passwords are stored as one-way hashes, which cannot be read by anyone or retrieved in cleartext.
RAID
The ClickTime databases reside on RAID arrays, which can sustain the failure of any drive mechanism and immediately deploy standby hot spares. All front-end web servers employ mirrored volumes for additional redundancy.
Load-balancing & Data Mirroring
ClickTime’s public web servers are fully redundant and actively load-balanced. Any individual machine can fail completely without interrupting public access to ClickTime. In addition, customer traffic is always routed to the fastest available machine. The Primary database is mirrored to a Secondary database in real time. The Secondary database can assume the functions of the Primary database in the event of a Primary database failure.
On-Site Backup
The ClickTime database (containing all live customer data) is backed up every 30 minutes to multiple machines on the same network within the same colocation facility. Therefore, maximum potential data loss in the event of a primary and secondary database failure is approximately 30 minutes.
Off-Site Backup
An encrypted snapshot of the ClickTime database (containing all live customer data) is sent daily to a storage datacenter, rendering data loss in the event of a regional disaster minimal.
Secondary Facilities
In the event that ClickTime’s primary datacenter is damaged or unavailable, ClickTime maintains the ability to restore access via Amazon Web Services (AWS) and/or Microsoft Azure within 24 hours.
Incident Management & Response
ClickTime has incident management policies and procedures in place to handle any incidents. In the unlikely event of a security breach, ClickTime will promptly notify you of any unauthorized access to your Customer Data.
Data Protection Officer
ClickTime has appointed a data protection officer where such appointment is required by Data Protection Laws and Regulations. The appointed person may be reached at privacy@clicktime.com.
Last Updated: April 1, 2019