ClickTime's Commitment to Trust

Security is built into the fabric of our products, team, infrastructure, and processes, so you can rest assured your data is safeguarded.

Privacy and Security Policies

We are steadfastly dedicated to safeguarding your privacy and security. Our policies and procedures are not only meticulously documented, but are also subject to annual reviews and timely updates to reflect evolving best practices.

Terms of Service Cookie Policy GDPR Privacy Policy

Application Security

We understand that software security is extremely important. From the early stages of design and development, all the way through deployment and maintenance, our focus on application security ensures that our software remains robust, resistant to unauthorized access, and trustworthy.

Penetration Testing

On an annual basis, we engage an independent third-party expert to conduct penetration testing. This specialized assessment provides a focused, in-depth evaluation of our production architecture, enabling us to identify and address potential vulnerabilities.

Bug Bounty Program

We run a Security Reward Program, inviting security experts worldwide to continuously probe our platform for vulnerabilities. This proactive initiative allows us to promptly identify and rectify any security gaps, reinforcing the integrity and safety of our services.

SDLC

Built into our Software Development Life Cycle, we incorporate security practices throughout our platform’s planning, development, and release processes. We have procedures in place that logically and physically separate production and non-production environments.

Data Security Policies

We implement stringent data security policies, adhering to industry-leading standards and best practices, to ensure the utmost protection of our users’ information and data.

Datacenter Physical Security

ClickTime’s data center is housed at a Tier 1 colocation facility. Advanced entry security, ﬁre protection, and extensive backup power generation are provided at this facility. All access to the datacenter is controlled 24/7 by security guards and video surveillance. Additionally, our facility has been given SOC2 certification.

Data Security

The ClickTime servers reside behind industry-standard firewalls and security appliances. Only our customer-facing web servers have any ports exposed to the public Internet; all database systems are invisible to the outside world. All servers are monitored around the clock by three redundant systems. An alert is generated at any sign of intrusion, denial-of-service, or service outage, and any significant events trigger automated calls to personnel on-call 24x7x365. All web servers and sites have 2048-bit SSL certificates issued by Network Solutions, verifiable by customers at any time.

Load-balancing & Redundancy

ClickTime’s public web servers are fully redundant and actively load-balanced. Any individual machine can fail completely without interrupting public access to ClickTime. In addition, customer traffic is always routed to the fastest available machine.

Data Storage

On-Site Backup
The ClickTime database (containing all live customer data) is backed up every 30 minutes to multiple machines on the same network within the same colocation facility. Therefore, maximum potential data loss in the event of a primary and secondary database failure is approximately 30 minutes.
Off-Site Backup
An encrypted snapshot of the ClickTime database (containing all live customer data) is sent twice daily to a storage datacenter, rendering data loss in the event of a regional disaster minimal.
Secondary Facilities
In the event that ClickTime’s primary datacenter is damaged or unavailable, ClickTime maintains the ability to restore access to a cloud based DR site within 24 hours.

Data Deletion

We securely delete (ex. degaussing / cryptographic wiping) and destroy retired equipment and media (hard drives, SSDs, etc.).

Availability & Reliability

ClickTime has maintained over 99.9% uptime since 1999. We publish system status updates on our system blog.

Operational Security

We prioritize operational security, employing continuous monitoring, regular security audits, and proactive incident response measures to maintain the integrity and confidentiality of our clients’ data.

Personnel Security

We perform background checks, signed confidentiality agreements, security policy / procedure acknowledgment, annual security training, and acceptable use agreements in addition to termination / access removal processes. Access to our systems and your data is restricted only to those who need it, based on the principles of least privilege.

Endpoint Security

In order to ensure the security of company-owned devices, we use endpoint encryption, antivirus protection, and endpoint management tools. We maintain a complete inventory of all our critical assets, and upon termination of contract or business relationship, employees and business partners are adequately informed of their obligations for returning organizationally-owned assets.

Vendor Management

Every subprocessor of ours undergoes a rigorous procurement process, including a thorough evaluation of their security measures, to confirm their commitment aligns with the high level of trust we extend to our customers. Following their integration into our supply chain, we conduct annual security audits on each provider to maintain the integrity of our services.

Business Continuity & Disaster Response

While we work tirelessly to prevent them, disasters happen and that is why we create, maintain, and execute plans for them. At a minimum, once a year, we come together to assess new risks, design new plans, review existing plans, and test likely failure scenarios to exercise the plans as if they were occurring in real time.

Incident Management & Response

ClickTime has incident management policies and procedures in place to handle any incidents. In the unlikely event of a security breach, ClickTime will promptly notify you of any unauthorized access to your Customer Data.

Data Protection Officer

ClickTime has appointed a data protection officer where such appointment is required by Data Protection Laws and Regulations. The appointed person may be reached at privacy@clicktime.com.

Compliance Standards We Follow

Self-Assessment

Request ClickTime’s CAIQ-lite v.3.1 by emailing us at support@clicktime.com.

Your Partner in Trust

At ClickTime, trust is not just a word; it’s a commitment we uphold every day. We understand the importance of trust in our relationships with customers, partners, and employees. Our unwavering dedication to security and integrity serves as the foundation upon which we build lasting and meaningful connections. We invite you to join us on this journey, confident in the knowledge that your trust is not just earned but safeguarded every step of the way.

Get a Demo