Security

How we protect your data: encryption, access control, and secure infrastructure.

Encryption

  • Transport encryption with TLS 1.2+ for all data in transit.
  • Database and object storage encryption at rest using cloud-provider-managed keys.
  • Strict HSTS and secure cookies for authenticated sessions.

Data Handling & Privacy

  • Customer data is never used to train models without explicit consent.
  • Bank statement files are processed for extraction and retained per your retention settings; deletion requests are honored promptly.
  • Access to customer data is restricted to authorized personnel on a least-privilege basis and logged.

Access Control

  • Role-based access controls at the application level; audit trails for sensitive operations.
  • Multi-factor authentication required for production access by staff; just-in-time elevation for break-glass scenarios.

Infrastructure & Isolation

  • Hardened containers with a read-only root filesystem where feasible and a minimal attack surface.
  • Network segmentation between public edge, application layer, and data plane.
  • Secrets managed via environment vaults; no secrets in code or images.

Monitoring & Logging

  • Centralized logging with access controls; PII redaction where appropriate.
  • Runtime metrics, error tracking, and alerting for availability and security events.

Backups, Retention & Deletion

  • Automated backups for critical data stores with routine restore tests.
  • Data retained only as long as needed; deletion supported upon request. Automated retention controls are on our roadmap.

Vulnerability Management

  • Dependency scanning and container image scanning during CI.
  • Regular patch cadence and targeted hotfixes for critical CVEs.

Incidents & Responsible Disclosure

  • Documented incident response playbooks and on-call escalation.
  • Vulnerability disclosures welcome at support@clerkiq.co.za; we respond quickly and appreciate coordinated reports.