ClickSend Security
Data privacy and security are embedded in every part of our business. Visit our Security Portal to understand the details for several of the frameworks and regulations that apply to our company and its products.
Database Security
We host your data on infrastructure provided by Amazon Web Services (AWS). We build on Amazon to ensure our infrastructure is compliant with a number of requirements, as AWS is accredited under assurance programs and standards including ISO 27001, HIPAA and SOC2. A full list of compliance standards is available at AWS Security and Compliance.
Physical Security
ClickSend has a Physical Security Policy in place. Our data is stored by AWS.
Data In Transit
Data connections between customers and ClickSend are protected with TLS 1.2 using AES ciphers. This encryption, when configured correctly by customers, is equivalent in strength to the recommendations provided by the Australian Government Information Security Manual and aligns with the stringent requirements of a number of other government and industry standards.
Customer data transfers within ClickSend are protected by segregated networks or Virtual Private Networks. Where ClickSend platform and data access is required, this is strictly limited only to necessary staff.
Encryption
We enable encryption of sensitive data at rest and data in transit.
Security logging, monitoring & response
Security events and other logs from our platforms are recorded and monitored in accordance with industry practices.
Security Incidents are managed according to our internal Security Incident Response plan, which is compliant with Australian Privacy Act requirements, including in connection with the mandatory data breach notification scheme.
Data Privacy
We only use customer data to provide our Services; we do not share it with any third party (except to provide a service to you) nor use it for marketing purposes. Also please refer to our Privacy policy.
Data Ownership
Your data is yours — 100%. For deletion of data, please refer to our Trust Centre and Privacy policy.
Data Usage
We don't mine or access your data for commercial purposes and only access it to provide our Services.
Data Recovery
ClickSend has a Back Up Policy and Disaster Recovery Plans (DRP) in place; please refer to our Trust Centre.
Network Protection
ClickSend networks are segregated from normal corporate networks and the internet either physically, using Virtual Private Networks or cloud-based networks. Access to these networks is secured using firewalls and network configuration to limit access to what is required. Where ClickSend access is required, this is limited only to necessary staff.
Access Control
Customer access (authentication and authorisation) provides discrete control over which accounts have access to customer accounts, including:
- Individual Customer Accounts for each user to improve authentication.
- The ability to manage your own API keys for programmatic connectivity in our ClickSend Web Portal.
For ClickSend staff access, we use:
- A single corporate staff directory supporting role-based access control.
- Multi-factor authentication (MFA) for all staff access, including re-authentication for Privileged User Access.
Data Residency
Please refer to our sub-processors page.
Integrations and Ecosystems
ClickSend builds its integrations with other ecosystems (including Shopify, HubSpot and NetSuite integrations) securely. ClickSend cannot secure the customer installations of these ecosystems or configurations of these ecosystems, including access control, auditing of ecosystem functions, infrastructure security or other compliance requirements. Where we have control of integration configuration, we will ensure that Data in Transit is encrypted appropriately according to the guidance above.
Privacy & Safety Features
We offer you the ability to control privacy-impacting features.
Monitoring and logging
ClickSend provides tools and features that enable you and our internal teams to monitor your ClickSend environment, improve security, and reduce risk. All customers have access to:
- Alert notifications when specific events occur or thresholds are exceeded.
The ClickSend team has internal monitoring and security tools for:
- Deep visibility into API calls, including who, what, and from where calls were made.
- Log aggregation options, streamlining investigations and compliance reporting.