Security Overview

This document is intended for any Clear To Go! customer or potential customer who wants to learn more about how Clear To Go! approaches security.

Clear To Go! Security Principles

We believe that the best way to achieve security is to build all systems and processes with security in mind and to leverage all modern tools and standards.

Our high level security principles include:

Infrastructure Security

Heroku

Clear To Go! uses Heroku (a Salesforce company) to assist with infrastructure management, scaling, and security. Heroku is a cloud application platform used by organizations of all sizes to deploy and operate applications throughout the world. Heroku is designed to protect from threats by applying security controls at every layer from physical to application, isolating customer applications and data, and with its ability to rapidly deploy security updates without customer interaction or service interruption.

Heroku has security standards published here: https://www.heroku.com/policy/security

Heroku is compliant with the following certifications:

Heroku also provides the following threat management tools:

Amazon Web Services

Clear To Go! also leverages Amazon Web Services (AWS) for certain infrastructure, and Heroku actually uses AWS infrastructure.

AWS has security standards published here: https://aws.amazon.com/security/ and https://aws.amazon.com/compliance/

Amazon is one of the most trusted hosting providers in the world. Amazon maintains a series of security certifications including:

AWS environments are continuously audited, with certifications from accreditation bodies across the globe. Amazon provides all server management for Heroku and Clear To Go. Clear To Go! is hosted in the US-East Amazon data center.

Application Security

Clear To Go! runs a modern web application and API backend. Our application is designed with security in mind.

Development Practices

We have robust testing framework in place which includes both automated testing as well as manual testing.

All code is reviewed by at least two engineers before pushing to production, and all deployments are signed off by the CTO.

If code is related to security or deemed to be high risk, at least three engineers must review the code, and additional testing must be completed before deployment.

Reviews include:

We review and promptly update any third party software used based on recent security updates.

Vulnerability Testing

Database Security

Security Incident Response

Clear To Go! is committed to keeping clients informed of any actual or potential security incidents and to provide support in the unlikely event of any incident.

Disaster Recovery and Business Continuity

Clear To Go is committed to providing a stable platform and is committed to restoring access to our systems quickly in the unlikely event of any disruption to our infrastructure or our business.

© 2020 Clear to Go, Inc.  All rights reserved.  Privacy PolicySecurity OverviewStatus