Security Overview

ClearGrid maintains the highest standards of security and compliance to protect your data and ensure regulatory adherence. Our framework covers all aspects of data handling and system security.

Authentication & Access Control

Single Sign-On (SSO)

ClearGrid uses SAML 2.0–based SSO via JumpCloud for centralized authentication.

  • Centralized Identity Management: One login across all ClearGrid services

  • Enhanced Security: Eliminates password-related risks

  • Seamless Access: Authenticate once, access all authorized resources

  • Auditability: Full logging of authentication events

  • Integration Ready: Works with most identity providers

Implementation Highlights

  • Encrypted assertion exchange

  • Real-time user provisioning/de-provisioning

  • Automatic session management

  • Support for IdP-initiated and SP-initiated flows

Multi-Factor Authentication (MFA)

Mandatory for all accounts:

  • SMS-based codes

  • Authenticator apps (Google Authenticator, Authy)

  • Hardware tokens

  • Backup authentication methods

  • Risk-based adaptive MFA

Role-Based Access Control (RBAC)

Granular, role-specific permissions ensure least-privilege access.

User Roles:

  • Administrator: Full access

  • Manager: Portfolio oversight

  • Agent: Day-to-day collections

  • Analyst: Read-only for reporting

  • API User: Programmatic integrations

Permissions include account-level controls, feature-based restrictions, data visibility filters, and time-based access rules.
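The following is an added illustration (not ClearGrid's code) of how the four permission types listed above combine into a single deny-by-default authorization check. The role names follow the list on this page; the feature names, actions, portfolio identifiers and the UTC access window are constructed for the example.

```python
"""Least-privilege authorization check combining role permissions with
feature-based restrictions, a data-visibility filter and a time-based rule.
Illustrative example only; roles mirror the overview, everything else is assumed."""
from dataclasses import dataclass
from datetime import datetime, time, timezone
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Role -> set of permitted (feature, action) pairs (feature-based restrictions).
# Feature and action names are constructed for this example.
ROLE_PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "administrator": {("accounts", "read"), ("accounts", "write"), ("reports", "read"),
                      ("settings", "write"), ("api", "call")},
    "manager":       {("accounts", "read"), ("accounts", "write"), ("reports", "read")},
    "agent":         {("accounts", "read"), ("accounts", "write")},
    "analyst":       {("accounts", "read"), ("reports", "read")},
    "api_user":      {("api", "call"), ("accounts", "read")},
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str
    portfolios: FrozenSet[str]                       # data-visibility filter
    allowed_hours: Tuple[time, time] = (time(0, 0), time(23, 59, 59))  # UTC window

@dataclass(frozen=True)
class Resource:
    feature: str
    portfolio: Optional[str] = None                  # None when not portfolio-bound

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def authorize(principal: Principal, action: str, resource: Resource,
              now: datetime) -> Decision:
    """Deny by default: every rule must pass before access is granted."""
    # 1. Account-level control: the role must be known at all.
    perms = ROLE_PERMISSIONS.get(principal.role)
    if perms is None:
        return Decision(False, f"unknown role {principal.role!r}")
    # 2. Feature-based restriction: the role must grant this (feature, action).
    if (resource.feature, action) not in perms:
        return Decision(False, f"role {principal.role!r} may not {action} {resource.feature}")
    # 3. Data-visibility filter: portfolio-bound resources must be in the user's scope.
    if resource.portfolio is not None and resource.portfolio not in principal.portfolios:
        return Decision(False, f"portfolio {resource.portfolio!r} not visible to user")
    # 4. Time-based access rule: only inside the principal's permitted UTC window.
    start, end = principal.allowed_hours
    if not (start <= now.astimezone(timezone.utc).time() <= end):
        return Decision(False, "outside permitted access window")
    return Decision(True, "all rules satisfied")

def example_checks() -> Dict[str, bool]:
    """Run a constructed agent through each rule; returns which checks passed."""
    agent = Principal("u1", "agent", frozenset({"p1"}), (time(8, 0), time(18, 0)))
    day = datetime(2024, 1, 15, 10, 0, tzinfo=timezone.utc)
    night = datetime(2024, 1, 15, 23, 0, tzinfo=timezone.utc)
    return {
        "own_portfolio_in_hours": authorize(agent, "write", Resource("accounts", "p1"), day).allowed,
        "other_portfolio":        authorize(agent, "write", Resource("accounts", "p2"), day).allowed,
        "feature_not_granted":    authorize(agent, "read", Resource("reports"), day).allowed,
        "outside_hours":          authorize(agent, "write", Resource("accounts", "p1"), night).allowed,
        "unknown_role":           authorize(Principal("u2", "ghost", frozenset()), "read",
                                            Resource("accounts"), day).allowed,
    }

if __name__ == "__main__":
    for name, ok in example_checks().items():
        print(f"{name}: {'ALLOW' if ok else 'DENY'}")
```

Only the first check is allowed; the other four are denied by a different rule each, which is the behaviour a least-privilege model should show when tested. Ordering the rules cheapest-first keeps the denial reason specific without leaking more than the caller needs.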

API Authentication

  • OAuth 2.0: Secure flows (client credentials, authorization code) with automatic token refresh and scope-based permissions

  • API Keys: Securely generated, rotated, and environment-specific (dev/prod)

  • Rate Limiting: Abuse and DoS protection

  • Monitoring: Usage tracking and alerts
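As an added example (not ClearGrid's API client or server), the block below shows the client-credentials pattern from the OAuth 2.0 bullet: a client caches its bearer token and refreshes it shortly before expiry, and the resource side grants a call only if the token is still valid and carries the required scope. The authorization server, client id and secret, scope names and token lifetime are constructed stand-ins.

```python
"""OAuth 2.0 client-credentials flow with automatic token refresh and a
scope-based permission check. Added example; the in-memory authorization
server and all identifiers are constructed, not ClearGrid's real API."""
import secrets
from typing import Callable, Dict, Optional

class FakeAuthServer:
    """Stand-in token endpoint: issues short-lived opaque bearer tokens."""
    def __init__(self, clients: Dict[str, str], lifetime_s: int = 300):
        self.clients = clients                  # client_id -> client_secret
        self.lifetime_s = lifetime_s
        self.tokens: Dict[str, dict] = {}       # token -> {"scope", "exp"}

    def token(self, client_id: str, client_secret: str, scope: str, now: float) -> dict:
        expected = self.clients.get(client_id)
        # Constant-time comparison so the check does not leak via timing.
        if expected is None or not secrets.compare_digest(expected, client_secret):
            raise PermissionError("invalid_client")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = {"scope": set(scope.split()), "exp": now + self.lifetime_s}
        return {"access_token": tok, "expires_in": self.lifetime_s, "scope": scope}

    def introspect(self, tok: str, now: float) -> Optional[dict]:
        meta = self.tokens.get(tok)
        if meta is None or now >= meta["exp"]:
            return None                         # unknown or expired token
        return meta

class TokenCache:
    """Client side: reuse the token while fresh, refresh before it expires."""
    def __init__(self, fetch: Callable[[float], dict], skew_s: int = 30):
        self.fetch = fetch                      # calls the token endpoint
        self.skew_s = skew_s                    # refresh this long before expiry
        self._token: Optional[str] = None
        self._exp: float = 0.0
        self.refreshes = 0

    def get(self, now: float) -> str:
        if self._token is None or now >= self._exp - self.skew_s:
            resp = self.fetch(now)
            self._token = resp["access_token"]
            self._exp = now + resp["expires_in"]
            self.refreshes += 1
        return self._token

def require_scope(server: FakeAuthServer, tok: str, needed: str, now: float) -> bool:
    """Resource side: valid, unexpired token AND the required scope."""
    meta = server.introspect(tok, now)
    return meta is not None and needed in meta["scope"]

def run_scenario() -> dict:
    """Constructed timeline: one client, a 300 s token, a call near expiry."""
    srv = FakeAuthServer({"svc-123": "s3cr3t-example"}, lifetime_s=300)
    cache = TokenCache(lambda now: srv.token("svc-123", "s3cr3t-example", "accounts:read", now))
    t0 = 1_000_000.0
    tok_a = cache.get(t0)
    tok_b = cache.get(t0 + 100)                 # fresh: same token, no refresh
    tok_c = cache.get(t0 + 280)                 # within 30 s of expiry: refreshed
    return {
        "same_token_while_fresh": tok_a == tok_b,
        "refreshed_near_expiry": tok_c != tok_a,
        "refresh_count": cache.refreshes,
        "read_allowed": require_scope(srv, tok_c, "accounts:read", t0 + 280),
        "write_denied": not require_scope(srv, tok_c, "accounts:write", t0 + 280),
        "expired_denied": not require_scope(srv, tok_a, "accounts:read", t0 + 301),
    }

if __name__ == "__main__":
    print(run_scenario())
```

Refreshing with a skew margin avoids the race where a token that is valid when the client checks it has expired by the time the request lands; checking scope on every call, not just at issue time, is what makes "scope-based permissions" hold for the resource.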


Data Protection

Encryption

  • In Transit: TLS 1.2+, Perfect Forward Secrecy (PFS), certificate pinning, encrypted DB connections, secure SFTP/HTTPS

  • At Rest: AES-256, database and filesystem encryption, encrypted backups, key rotation policies

Data Classification

ClearGrid categorizes data into Highly Sensitive, Sensitive, Internal, and Public, applying controls accordingly.

  • Automated classification and tagging

  • DLP policies for prevention of unauthorized transfers

  • Secure data disposal procedures

  • Cross-border transfer controls

Data Residency & Sovereignty

  • Multiple geographic data centers

  • Data localization options for compliance

  • Sovereignty guarantees with legal protections

  • Regulatory alignment across jurisdictions


Infrastructure Security

Cloud Security Architecture

  • Isolated environments (network segmentation)

  • Firewalls with advanced threat detection

  • Intrusion detection and monitoring

  • DDoS protection

  • Load balancing and redundancy

Security Monitoring & Incident Response

  • 24/7 SOC with real-time monitoring and automated alerts

  • Defined incident response plan: containment, forensic investigation, escalation, remediation, and communication procedures

Vulnerability Management

  • Regular penetration testing by independent firms

  • Continuous vulnerability scanning

  • Secure code reviews (static/dynamic analysis)

  • Dependency and library monitoring

  • Managed patch updates


Compliance & Certifications

Certifications

  • SOC 2 Type II: Independently audited controls, continuous monitoring, customer reports available

  • ISO 27001: Global standard for information security, with regular audits and risk assessments

Regulatory Alignment

  • GDPR: Rights to access, rectify, erase, and port data; DPIAs; breach notifications

  • CCPA and PIPEDA: Full compliance with regional data rights

  • Banking & Financial Regulations: Jurisdiction-specific compliance mapping

Data Processing Agreements (DPAs)

  • Defined purposes for processing

  • Retention and disposal rules

  • Sub-processor management

  • Data transfer mechanisms

  • Liability and indemnification terms


Monitoring & Auditing

Audit Logging

Immutable logs are recorded for all of the following activities:

  • Authentication & authorization events

  • Data access and changes

  • Configuration updates

  • API usage

  • Administrative actions

Logs are centralized, encrypted, and retained long-term for compliance reporting.
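One common way to make an append-only audit log tamper-evident is to hash-chain its entries, so that editing or deleting any earlier record breaks verification. The block below is an added example of that technique and is not a description of ClearGrid's logging system; the event categories follow the list above, and the actors, timestamps and details are constructed.

```python
"""Hash-chained audit log: each entry commits to the previous entry's SHA-256,
so verification locates the first altered or removed record. Added example;
hash chaining is assumed here as the immutability mechanism."""
import copy
import hashlib
import json
from typing import List, Optional

GENESIS = "0" * 64   # chain anchor for the first entry

def _digest(body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so equal events hash equally.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

class AuditLog:
    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, ts: str, actor: str, category: str, detail: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": ts, "actor": actor, "category": category,
                "detail": detail, "prev": prev}
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry["hash"]          # head hash: anchor it outside the log

def verify(entries: List[dict]) -> Optional[int]:
    """Return the index of the first bad entry, or None if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e.get("prev") != prev or e.get("hash") != _digest(body):
            return i
        prev = e["hash"]
    return None

def run_scenario() -> dict:
    """Constructed log of three events, then an edit and a deletion."""
    log = AuditLog()
    log.append("2024-01-15T08:00:00Z", "u1", "authentication", {"result": "success"})
    log.append("2024-01-15T08:05:00Z", "u1", "data_change", {"account": "A-1", "field": "balance"})
    head = log.append("2024-01-15T08:10:00Z", "admin", "configuration", {"setting": "mfa", "value": "on"})

    tampered = copy.deepcopy(log.entries)
    tampered[1]["detail"]["field"] = "status"      # silently edit a past record

    deleted = copy.deepcopy(log.entries)
    del deleted[1]                                 # remove a past record

    return {
        "intact": verify(log.entries),
        "tampered_index": verify(tampered),
        "deleted_index": verify(deleted),
        "head": head,
    }

if __name__ == "__main__":
    print(run_scenario())
```

Verification reports the first broken link rather than a bare yes/no, which is what an investigator needs to scope a tampering incident. One caveat the chain alone does not cover: truncating the newest entries leaves a valid shorter chain, so the head hash returned by append should be stored somewhere the log writer cannot modify (a separate system, a signed checkpoint, or write-once storage).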

Continuous Monitoring

  • User behavior analytics

  • Anomaly and threat detection

  • Real-time compliance status tracking

  • Performance and availability monitoring

Regular Security Reviews

  • Quarterly internal security assessments

  • Annual penetration testing

  • Continuous risk assessments

  • Ongoing staff security training


Privacy & Data Rights

ClearGrid implements Privacy by Design principles.

Data Subject Rights

  • Access, rectification, erasure, portability, objection

  • Clear opt-out processes

  • Verified response procedures

Privacy by Design Measures

  • Data minimization

  • Purpose limitation

  • Storage limitation

  • Integrity and confidentiality safeguards


Business Continuity & Disaster Recovery

  • High Availability: Multi-region deployment, load balancing, DB replication, 99.9% uptime

  • Disaster Recovery: RTO ≤ 4 hours, RPO ≤ 1 hour, automated backup/restore, geo-distributed backups

  • Regular DR testing for assurance


Security Awareness

Staff Training

  • Security awareness & phishing simulations

  • Incident response readiness

  • Compliance and role-specific training

Customer Security Resources

  • Security best practices

  • Integration security guidelines

  • Compliance documentation

  • Assistance with security questionnaires

  • Regular updates and advisories

Last updated