Last Updated: November 1, 2019
As a company that takes data security and privacy very seriously, we recognize that CallN’s information security practices are important to you. While we don’t like to expose too much detail around our practices (as it can empower the very people we are protecting ourselves against), we have provided some general information below to give you confidence in how we secure the data entrusted to us.
Application Security
- CallN account passwords are hashed. Even our own staff can’t view them. If you forget your password it can’t be retrieved and must be reset.
- The CallN application transports all data encrypted with TLS.
- All logins, including the members website and the API, have brute-force protection and enforce best-practice password requirements.
- We perform regular external security penetration testing using multiple vendors. These tests include in-depth testing for vulnerabilities inside the application.
Data Sovereignty
- Because data sovereignty is a concern for the storage of sensitive call data, we store your data in the geographic location closest to you. Currently these locations include North America, Australia, Singapore and the EU.
Data Centre Security
- CallN utilises Amazon Web Services and Microsoft Azure to host all of our application services; they were chosen for their commitment to security, scalability and reliability. Even then, we encrypt all of your data at rest while it is in the hands of these providers.
- We have deployed DDoS mitigation in our cloud, as well as web application firewalls (WAF) configured to the latest OWASP recommendations.
- We have a documented continuity plan in case multiple geographically dispersed datacentres should somehow all go down at the same time.
Protection from Data Loss, Corruption
- All databases are mirrored, have encrypted storage at rest and include their own regular backup schedule to segmented storage.
- We have multiple layers of logic that segregate accounts from each other.
- All call data is stored on infrastructure designed for eleven 9s (99.999999999%) of durability.
Certifications
- CallN is certified to ISO 27001:2013 and is GDPR compliant. We're happy to share our certification with you; just send us an e-mail and we'll send it to you.
- CallN is working through US HIPAA compliance, expected by December 2019.
Internal Protocol and Education
- We have in place employee security policies and continuously train employees on best security practices.
- Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history checks and sign NDAs prior to employment.
- In order to protect our company, we are covered by comprehensive insurance policies. Coverage includes but is not limited to cyber incidents, data privacy incidents (including regulatory expenses), professional indemnity, property and business interruption as well as general liability coverage.
Protecting Ourselves Against You
- Yes, that’s right. We can have the best security possible, but if your computer is compromised and someone gets into your CallN account, that’s not good for either of us.
- We monitor and will automatically suspend accounts with signs of irregular or suspicious login activity.
- Certain changes to your account, such as changing your password, will trigger email notifications to the account owner.
- We monitor account activity for signs of abuse.
- We provide the ability to configure different access scopes to each user of your account.
Investing in Your Privacy
- Our Legal team partners with our developers and engineers to make sure our products and features comply with applicable international spam and privacy laws.
Responsible Disclosure
- If you’ve discovered a vulnerability in the CallN application, please don’t share it publicly. Instead, please submit a report to us via [email protected]. We thoroughly review all security concerns brought to our attention and take a proactive approach to any emerging security issues.