The security of your data and those of your customers (or recipients of Clustdoc Requests to complete an application) is an essential element of our activity and is our top priority.
Clustdoc's security policy is based on a thorough reflection and a long term work with experts in Cyber-security, integrating state-of-the-art security measures in our procedures, applications and infrastructures.
Clustdoc integrates many technical elements to protect your personal information, your account and your customers.
In addition to Clustdoc's security measures, the following practices will help you protect your Clustdoc account. We encourage you to review them and impose them as regular practices in your organization.
Protect your business on the Internet
- Make sure your browser and anti-virus software have the most recent updates.
- Disable automatic login or auto-filled passwords in your browser. This way, if your computer is ever lost or stolen, the thief cannot automatically log into your Clustdoc account and access your files. Or if you do, combine this with another manual login verification method.
- Activate 2FA authentication on all your apps as much as possible
- Use a strong password that is difficult to guess.
Apply and have all your employees apply the right password security practices. Here is our advice on this:
- Do not use any personally identifiable information in your password (name, username, birthday, names of family members)
- Do not use the password you use for Clustdoc for other sites, such as your email or social networking accounts.
- Send frequent reminders to your employees to change all their passwords (including Clustdoc's)
- Do not allow multiple people to access a Clustdoc user's account with the same password for any reason.
- Avoid passwords that are too short, without numbers or special characters.
- Use recognized secure password storage solutions such as LastPass.
Beware of phishing
Phishing consists (for a hacker or a malicious person) in trying to obtain personal information via fraudulent websites or emails. Here are some tips to avoid this kind of attacks.
🔔 Clustdoc will never ask you to submit your password or any other sensitive information by email or on an unsecured website.
- Learn how to recognize a fraudulent email
Pay particular attention to the sender of the emails, if the sending address (sender) does not end with '@clustdoc.com' it is possible that this email does not come from our company.
Do not stop at the name that appears at the level of the sender but at the email address of origin of the email that you received.
Many phishing emails mask their real email addresses and make the emails appear to come from a legitimate source when they are not.
Below is an example of an email sent by your trusted provider.
Below is an example of a phishing attempt, as you can see the sender name is still Clust (or Clustdoc) but the email is not from us.
If you receive an email that looks suspicious, feel free to take a screenshot (before deleting it) and send it to us at firstname.lastname@example.org.
Rule #1: NEVER click a link or button in a phishing email.
- Always log out when you are finished using Clustdoc.
Be careful when using a computer that does not belong to you, such as one in a library or Internet café. Don't hesitate to go into your session history and delete your browsing history before returning the computer.
Protect your customers
As a Controller, you are responsible for the collection of documents from your customers or suppliers by Clustdoc (The Processor).
Here are our tips to protect their information and reassure them in the context of the collection of their documents and data.
If you use the Clustdoc solution and you are based in the European Union, you must sign a Data Processing Agreement.
In order to follow in your business this transparency requirement rightly imposed by the GDPR, you must:
- Add the link to this agreement (normally available on your site) in the relevant section of your Clustdoc account so that your recipients can review it before sending their documents.
- Apply the principles of the GDPR
If you are located in the European Union, the fundamental principles of the GDPR also apply to your company. As a Processor and Trusted Third Party, we are available to help you implement them should the case arise.
- Activate our GDPR compliance features
Clustdoc is the first solution that actively develops features that allow you to achieve higher compliance when managing customer records. Here are the features we invite you to use in this context.
- Capture consent from the portal
- Audit trail of your clients applications
- Privacy requests Manager
- Automated data flush
- 2 Factor authentication
- Passwords lifetime