Security
The protection and security of our customer data is a high priority at ClientShelf. Listed here are the measures we adopt to ensure the integrity of your data:
1. PRODUCT SECURITY
Reliability
Our cloud-based platform is engineered for redundancy and high availability.
The servers, hosted by Hostinger, have SLAs for 99.99% availability.
Our platform uses load balancing techniques to auto-scale when demand is high.
Passwords
User sessions and tokens are securely stored and managed using JWTs.
Passwords are hashed using the SHA1 hashing algorithm. Individual users can only reset their passwords.
We enforce a very strong password requirement for all users to log in to their accounts.
The password must meet the complexity strength validation requirements for a very strong password.
We offer optional two-factor authentication for added security when you log in.
2. NETWORK AND APPLICATION SECURITY
Data Hosting
At the infrastructure level, ClientShelf is deployed on Hostinger Cloud Hosting, which is CloudLinux within an LVE container. Hostinger’s physical infrastructure is hosted on Google Cloud servers.
Hostinger uses a built-in Web Application Firewall (WAF) on each server, which protects against web exploits, attacks and bots.
Backups
Our database is continuously versioned for recovery purposes using scheduled daily backups.
Encryption and Sessions
Our web application (https://clientshelf.com/app) can only be accessed via HTTPS, and the entire web application framework is protected with an SSL certificate.
Sessions are authenticated with a 23-character security token.
All network traffic is encrypted both inside and outside our network.
Users are automatically logged out after a prolonged period of inactivity, and re-login with a code is required to access the application.
ClientShelf uses Cloudflare technology for added security and protection from attack.
3. ADDITIONAL SECURITY MEASURES
Payments
We do not store your credit card details. We outsource the processing of your payments to Stripe, a specialist, secure, PCI DSS-compliant company. You can view Stripe’s credentials here:
Segregation of Duties
ClientShelf staff do not have access to your data.
The exception to this is when our Customer Support team or Engineers need to debug issues or configure your account.
In such circumstances, we will only access your data with your express permission.
Production and Staging logins are separated between Support and Engineering Teams, meaning Engineers are not able to access Production Data without making a specific request.