
Security

Introduction: At Cloudthink, we are committed to revolutionizing the writing landscape while ensuring a secure and consistently available environment for content creation. This policy outlines our robust security practices, highlighting our dedication to security by design.

Protection of Customer Data: The Cloudthink Security team is entrusted with the responsibility of implementing and overseeing our security program. Our primary objective is to prevent unauthorized disclosure, use, and access to customer data. Our security program adheres to AICPA Trust Services Principles and evolves in accordance with industry best practices.

Third-Party Validation: Customers can request external reports through their designated account executive, providing transparency and assurance.

Adherence to Security Standards: We continually enhance the design and efficacy of our security controls. A respected third-party partner conducts independent assessments, and all audit findings are shared with our executive management.

Rigorous Penetration Testing: We engage an external third party to conduct annual penetration tests on our network and applications. The findings guide prompt remediation, and the results are communicated to our executive management.

Cloudthink’s Accountability:

Controlled Access: Following the principles of least privilege and role-based access control, Cloudthink provisions access to employees, limiting permissions to necessary job tasks. Regular user access reviews are conducted, including for production access. Multi-Factor Authentication (MFA) is mandatory for accessing production infrastructure and supporting systems.

Timely Employee Access Management: Access for terminated employees is revoked within two business days, and immediate action is taken for involuntary terminations.

Trusted Cloud Hosting: Cloudthink utilizes Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure for cloud hosting, with no data closets or servers hosted in our corporate offices. Data is stored in the US-East-1 region. Our utilization of serverless instances across these platforms ensures constant service availability. Kubernetes node components are fortified with secure configurations.

Thoughtful Data Retention: We retain customer data for the duration of their application use. Upon user account deletion or contract termination, customer data is expunged. Our hosting providers (AWS, GCP, Azure) ensure thorough disk and physical media sanitization.

Strong Encryption Protocols: Customer data is encrypted at rest and in transit, utilizing robust encryption methods. Data is transmitted using HTTPS with TLS 1.2+ and AES-256 encryption, with a default to TLS 1.3 when feasible. Data at rest is safeguarded with AES-256 encryption. Encryption keys are stored securely within AWS, GCP, and Azure, accessible only to authorized personnel with MFA. Key usage is closely monitored.

Secure Endpoints: Managed by Cloudthink, employee workstations are equipped with encryption, anti-malware, and idle lockout. IT ensures compliance with policies and maintains up-to-date systems.

Centralized Logging and Vigilance: Centralized logging encompasses all production systems, aiding in the identification and response to potential security breaches. Our Security team monitors logs and acts swiftly based on a well-defined incident response plan.

Network Security Measures: Cloudthink’s firewalls are configured to deny all incoming traffic by default. Firewall rules undergo annual reviews. Intrusion Detection System (IDS) alerts trigger immediate investigation. We deploy a Web Application Firewall (WAF) and Content Delivery Network (CDN) to counter web application vulnerabilities and enhance speed and protection.

Collective Responsibility: Safeguarding the Cloudthink environment is a shared responsibility among all employees, contractors, and temporary workers with access to our information systems. Background checks and confidentiality agreements are prerequisites for employment. Security awareness training is mandatory for all, covering phishing, remote work, and incident reporting. Employees review the employee handbook and code of conduct policy. Non-compliance with corporate policies may lead to disciplinary measures.

Secure Development Philosophy: Cloudthink follows a secure software development lifecycle (SDLC), including peer code reviews and version control. Access to source code requires MFA. All code changes follow a change management process. Our agile approach enables continuous enhancements to the Cloudthink application.

Third-Party Partnerships: Cloudthink collaborates with select third-party partners (subprocessors) for essential services. These partners are continuously monitored to ensure alignment with our security standards. We reevaluate subprocessors annually, reviewing their security programs and audit reports.

Proactive Vulnerability Management: We conduct daily vulnerability scans on in-scope systems, responding promptly based on the severity of identified vulnerabilities.

Customer’s Role in Security: While Cloudthink oversees most security controls, customers are responsible for securing their user accounts, including robust passwords and proper account management. Customers should evaluate data input appropriateness. Notably, Cloudthink is not PCI or HIPAA compliant, so sensitive information like cardholder data and protected health information should not be shared.

In Conclusion: Safeguarding customer privacy and data security is at the core of Cloudthink’s mission. We believe transparency and customer success drive our efforts. This comprehensive policy offers a transparent view of Cloudthink’s security program, fostering trust and confidence among our valued customers.