Cloverpop for Microsoft Teams and Slack Decision Security
Keep track of your decisions in Teams or Slack without sharing your channel histories or cluttering your work with unnecessary messages.
We make that simple promise because trust is the foundation of our company and our product. Your decisions are important, and your privacy and data security are our most important priority.
We follow strict principles and privacy policies, going above and beyond to ensure we always meet and typically exceed industry standards for protecting your data.
SOC 2 Type 1
Certified Trust Services Principles
EU/US Privacy Shield
Certified Data Privacy Practices
GDPR
General Data Protection Regulation
Your Decision Security Is Our Top Priority
Infrastructure Security
- Hosting & Service Providers: Cloverpop is hosted on Heroku using Amazon Web Services (AWS) cloud infrastructure. You can learn more about Heroku’s security here. You can learn more about Amazon’s security here.
- Encryption In Transit & At Rest: All of your Cloverpop data is sent via HTTPS with 256-bit encryption. Cloverpop gets an “A+” rating from Qualys SSL Labs. We encrypt all at-rest data in our production database and all backup versions.
Application Security
- Authentication: Cloverpop authentication is handled by Microsoft Teams or Slack. You can enable single sign-on (SSO) and 2-factor authentication (2FA) on your Teams or Slack account for an added layer of security. You can learn more about Team's security here and Slack’s security here.
- Email Verification: For accounts set up with email, we verify that email address belongs to you and store your password in a secure hash according to industry standards.
- Permissions: Cloverpop adheres to your Teams and Slack content and channel permissions for decision access. In addition, Cloverpop has permission settings within the app for administering user roles and billing management.
Operational Security
- Confidentiality & Authentication: Access to customer data is strictly limited to authorized employees whose job functions require it. All Cloverpop employees sign confidentiality agreements. Additionally, 2FA and strong password policies are used to protect access to all cloud services that touch customer data.
- Security Policies & Incident Response: Cloverpop has comprehensive security and awareness policies, and documented security response procedures. These policies and procedures are updated as necessary, audited regularly and shared with all employees.
- Continuous Improvement: All new product features and internal processes are peer-reviewed and evaluated for their security impact before they are released to production. We continuously monitor and improve our security practices.
Continuity & Availability
- Backups & Data Recovery: Everything stored on Cloverpop is backed up daily. We have documented recovery procedures to restore from backup within an hour. You may also export your Cloverpop decision content via CSV at any time.
- Availability: Cloverpop is a high-availability service that our customers can trust. We have 12-month total uptime of 99.98%, and over 99.99% uptime excluding planned maintenance windows. If incidents do arise, we resolve them as quickly as possible. Cloverpop is hosted in US facilities with automatically scaling hosting infrastructure and established disaster recovery procedures.
Security Questions?
Feel free to contact us at security@cloverpop.com