Security & Privacy

Cloverleaf understands the vulnerability of getting coached and opening up about our personalities. At Cloverleaf, this means that Security and Privacy come first. We understand that trust is the foundation of growth.

Certifications

Cloverleaf’s substantial investment is recognized through world-leading attestations and certifications. Cloverleaf is SOC 2 Type II compliant in all five Trust Criteria (Security, Availability, Confidentiality, Processing Integrity, and Privacy) and holds no exceptions in it’s auditor’s report, available at trust.cloverleaf.me. Cloverleaf also holds ISO 27001 certification under the most recent, more demanding 2022 criteria.

Validation

Cloverleaf runs an extensive battery of security and vulnerability scans on each and every change and resource deployment. Recognized Security Professionals provide penetration testing and Cloverleaf conducts business continuity testing on at least an annual basis. Cloverleaf seeks and rewards insight from independent security researchers with its Bug Bounty program (cloverleaf.me/bug-bounty). All this — to ensure with multiple layers that your data is safe with us.

Training

Cloverleaf’s Information Security and Engineering professionals bring decades of experience helming industry-leading enterprise systems at Kroger, Blackboard, Genesys, and the US Department of Homeland Security. Engineering leadership works diligently to stay ahead of emerging trends in both Security and Privacy (including AI), and all engineers invest time in security trainings. The emerging, multi-jurisdictional legal landscape of Privacy is front of mind. Engineering and data leaders have undergone IAPP (International Association of Privacy Professionals) certified trainings and are building systems with Privacy best practices that comply with the legal frameworks of today (GDPR, CPPA, CPRA, etc.) and tomorrow.

Philosophy

Cloverleaf builds with software industry best practices that minimize the surface area where mistakes or attacks can occur. Cloverleaf always builds to minimize vulnerability — least privilege, encryption in flight and at rest, pseudo-anonymized data in processing, minimization of personal and sensitive data stored.

Cloverleaf builds infrastructure with code (IaC) in hierarchical, account-isolated environments in multiple Availability Zones. Application nodes are short-lived and immutable. Data follows automated lifecycle management with regular backups. Production environments are single-purpose and locked down to minimum ingress and egress. The application and infrastructure have been audited for Well-Architected Principles. Cloverleaf is helmed by industry veterans constantly looking to learn and improve — and we take it personally.

FAQs

Cloverleaf closely follows advances in AI legislation and Privacy, and builds following Privacy Profession best practices to stay ahead of the changing legislative landscape. You likely have concerns about legal exposure — we know, and we have your back. On the Privacy front, we have IAPP-trained professionals scrutinizing our practices for using and storing data. On the AI front, each advance we make is calculated to stay well outside of legal danger zones — and we are building with the idea that customers’ comfort with AI may vary — we want to help you utilize only the features you are comfortable with. You can read more about our stance on AI here.

Cloverleaf is both SOC 2 Type II and ISO 27001:2022 certified! Additional information is available at https://trust.cloverleaf.me/.

No! Cloverleaf is opposed to selling customer data. Cloverleaf will only use your data as described in our Privacy Policy and Terms of Service

Whether you think in terms of supply chain, vendors, 3rd/nth-party management, or subprocessors, you need to know that the company you are contracting with is ensuring that the companies they are contracting with are keeping your data safe. Cloverleaf regularly evaluates its vendors for high security and reliability standards that match what you expect from us, and Cloverleaf ensures that the appropriate legal safeguards are in place. All third parties that touch personal data are listed here.

Have a Question We Didn’t Answer?

Contact us to learn more. We would be delighted to help you bring Cloverleaf to your organization.