Product Security and Certifications
CloudTalk is dedicated to privacy, transparency, and high security, as demonstrated by our commitment to complying with the GDPR. All clients, even those outside the EU, are subject to these measures, guaranteeing the security and credibility of our services. Learn more about GDPR and CloudTalk.
CloudTalk is also ISO 27001:2013 certified. CloudTalk undergoes regular third-party independent audits on a regular basis and can provide the certificate upon request. Here’s everything else you need to know about CloudTalk’s security bona fides.
CloudTalk app security
CloudTalk uses a combination of various security tokens. Communication through our web interface is fully encrypted with the latest TLS version supporting Forward Secrecy.
- Data is encrypted during transmission between the client and server
- Passwords are encrypted using advanced one-way algorithms and are not stored for internal purposes
- WebRTC protocol phone calls are automatically encrypted, while SIP protocol calls can be encrypted by TLS
- Does not retain customer credit card information, as it is directly provided to the payment processor and encrypted from the moment of transmission.
Permissions
CloudTalk enhances internal data security by using different permissions for user roles (admin, agent, etc.) which allows you to prevent potential internal security breaches and data leaks.
SSO
CloudTalk offers your existing identity provider/SSO solution to be connected. The supported solution is Google SSO.
Cloud and infrastructure security
We’ve gone to great lengths to develop a robust security infrastructure at CloudTalk. Here’s what you need to know.
Data Centers & Physical security
CloudTalk uses highly secure and reliable data centers provided by Amazon AWS and Google Cloud Platform across 9 locations globally with SOC2 Type II and ISO 27001 certifications. They employ multi-level biometrics and other security measures to ensure physical access is only granted to authorized personnel. Full redundancy guarantees data safety in case of a system failure. Additionally, CloudTalk employees do not have physical access to the data centers or any related equipment.
Penetration Testing
CloudTalk regularly conducts independent, 3rd-party penetration testing at least once a year, with no customer data exposed to the security company. The results of the testing help prioritize mitigation and remediation efforts.
Encryption
CloudTalk uses 256-bit encryption to encrypt all data sent to or from the platform, and their API and application endpoints are exclusively TLS/SSL, which has earned an “A+” rating on Qualys SSL Labs’ tests. The company only employs strong cipher suites and has enabled features such as HSTS and Perfect Forward Secrecy.
CloudTalk uses 256-bit encryption to encrypt all data sent to or from the platform, and their API and application endpoints are exclusively TLS/SSL, which has earned an “A+” rating on Qualys SSL Labs’ tests. The company only employs strong cipher suites and has enabled features such as HSTS and Perfect Forward Secrecy.