ClickTime’s data center is housed at a Tier 1 colocation facility. Advanced entry security, fire protection, and extensive backup power generation are provided at this facility. All access to the datacenter is controlled 24/7 by security guards and video surveillance. Additionally, our facility has been given SOC2 certification.

The ClickTime servers reside behind industry-standard firewalls and security appliances. Only our customer-facing web servers have any ports exposed to the public Internet; all database systems are invisible to the outside world. All servers are monitored around the clock by three redundant systems. An alert is generated at any sign of intrusion, denial-of-service, or service outage, and any significant events trigger automated calls to personnel on-call 24x7x365. All web servers and sites have 2048-bit SSL certificates issued by Network Solutions, verifiable by customers at any time.

ClickTime’s public web servers are fully redundant and actively load-balanced. Any individual machine can fail completely without interrupting public access to ClickTime. In addition, customer traffic is always routed to the fastest available system.

On-Site Backup

‍The ClickTime database (containing all live customer data) is backed up every 30 minutes to multiple machines on the same network within the same colocation facility. Therefore, maximum potential data loss in the event of a primary and secondary database failure is approximately 30 minutes.

‍Off-Site Backup

‍An encrypted snapshot of the ClickTime database (containing all live customer data) is sent twice daily to a storage datacenter, rendering data loss in the event of a regional disaster minimal.

‍Secondary Facilities

‍In the event that ClickTime’s primary datacenter is damaged or unavailable, ClickTime maintains the ability to restore access to a cloud based DR site.

We securely delete (ex. degaussing / cryptographic wiping) and destroy retired equipment and media (hard drives, SSDs, etc.).

We perform background checks, signed confidentiality agreements, security policy / procedure acknowledgment, annual security training, and acceptable use agreements in addition to termination / access removal processes. Access to our systems and your data is restricted only to those who need it, based on the principles of least privilege.

In order to ensure the security of company-owned devices, we use endpoint encryption, antivirus protection, and endpoint management tools. We maintain a complete inventory of all our critical assets, and upon termination of contract or business relationship, employees and business partners are adequately informed of their obligations for returning organizationally-owned assets.

Every subprocessor of ours undergoes a rigorous procurement process, including a thorough evaluation of their security measures, to confirm their commitment aligns with the high level of trust we extend to our customers. Following their integration into our supply chain, we conduct annual security audits on each provider to maintain the integrity of our services.

While we work tirelessly to prevent them, disasters happen and that is why we create, maintain, and execute plans for them. At a minimum, once a year, we come together to assess new risks, design new plans, review existing plans, and test likely failure scenarios to exercise the plans as if they were occurring in real time.

In the unlikely event of a security breach, ClickTime will promptly notify you of any unauthorized access to your data. To report a security or privacy issue, email us at securityincidents@clicktime.com.

ClickTime has appointed a data protection officer where such appointment is required by Data Protection Laws and Regulations. The appointed person may be reached at privacy@clicktime.com