Security

Reliable and safe operation of your business phone system. Your data and VoIP services are safe with us. All CloudTalk data are stored in modern safe data centers with 24/7 monitoring.

Security and compliance are top priorities for CloudTalk. We’ve built our product according to the highest security standards to keep your communication and data safe. Our security team constantly monitors potential security threats and proposes relevant security patches. So you can rest assured that your data are always safe with us.

We know that contacts and call logs are valuable for you, so we never disclose such information to third parties under any circumstances and protect them as if they were our own data.

Compliance with ISO 27001

CloudTalk is ISO 27001:2013 certified. CloudTalk undergoes regular third-party independent audits on a regular basis and can provide the certificate upon request.

Security practices

CloudTalk team follows recommendations established by security standards ISO 27001/27002, PCI/DSS and the OWASP security project. CloudTalk is GDPR compliant. All our customers’ data are partitioned to ensure that they cannot be accessed by other clients or unauthorized persons.

Product security

CloudTalk app security

CloudTalk uses a combination of various security tokens. Communication through our web interface is fully encrypted with the latest TLS version supporting Forward Secrecy.

• All data are encrypted during transmissions between the client and the server.
• All passwords are encrypted by an advanced one-way algorithm. Passwords are never stored for internal purposes.
• All phone calls made through the WebRTC protocol are automatically encrypted and those made through the SIP protocol can be encrypted by TLS.
• CloudTalk does not retain information on customer credit cards. All data are directly provided to our payment processor and our company does not even have access to such information (data are encrypted from the moment the transmission starts).

Permissions

CloudTalk enhances internal data security by using different permissions for user roles (admin, agent, etc.) which allow you to prevent potential internal security breaches and data leaks.

SSO

CloudTalk offers your existing identity provider/SSO solution to be connected. The supported solution is Google SSO.

Cloud and infrastructure security

Data centers & Physical security

CloudTalk uses secured data centers of Amazon AWS and Google Cloud Platform in 9 globally distributed data centers with the accessibility of min. 99.993%. These data centers provide a high level of security all over the world with SOC2 Type II and ISO 27001 certifications, among others. They use multi-level biometrics and other security safeguards to restrict physical access only for authorized persons. The full redundancy of these data centers ensures that your data are safe even in the event of a system failure or a disaster.

CloudTalk employees do not have physical access to Amazon and Google data centers, servers, network equipment, or storage.

Penetration testing

CloudTalk undergoes regular penetration testing conducted by an independent, 3rd-party security company. Penetration testing is performed no less often than annually. No customer data is exposed to the security company through penetration testing. Outcomes of penetration testing are used to set mitigation and remediation priorities.

Encryption

All data sent to or from CloudTalk is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs‘ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.

High availability

Every part of the CloudTalk uses properly-provisioned, redundant servers (e.g., redundant voice infrastructure, multiple load balancers, web servers, replica databases) in the case of failure. As part of regular maintenance, servers are taken out of operation without impacting availability.

Security team

CloudTalk’s infrastructure is constantly monitored and in the event of any threats, our security team is ready to step in 24 hours a day.

CloudTalk & GDPR

CloudTalk is committed to privacy, transparency and high security. From the GDPR perspective, we are committed to complying with EU data protection requirements that became enforceable on May 25, 2018. We have decided to apply the GDPR measures to all clients, also outside the EU, that are not directly affected by this measure. We believe it will help to increase the security and credibility of all services. Read more about GDPR at CloudTalk.