Security Policy

Last updated: December 10, 2024

At ClosePack, security is fundamental to everything we do. We understand that finance teams trust us with sensitive financial data, and we take that responsibility seriously. This Security Policy outlines the measures we implement to protect your information.

1. Infrastructure Security

Cloud Infrastructure

  • Our services are hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification
  • Data centers maintain physical security controls including 24/7 monitoring, biometric access, and security personnel
  • Redundant systems and geographic distribution ensure high availability

Network Security

  • Enterprise firewalls and intrusion detection systems protect our network perimeter
  • DDoS protection mitigates distributed denial-of-service attacks
  • Network traffic is continuously monitored for anomalies
  • Regular vulnerability scanning and penetration testing

2. Data Protection

Encryption

  • In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • At Rest: All stored data is encrypted using AES-256 encryption
  • Key Management: Encryption keys are managed using industry-standard key management services

Data Isolation

  • Customer data is logically separated to prevent unauthorized access
  • Strict access controls ensure data is only accessible to authorized personnel
  • Multi-tenant architecture with robust isolation mechanisms

3. Application Security

Secure Development

  • Security is integrated into our software development lifecycle (SDLC)
  • Code reviews include security assessments
  • Automated security testing in our CI/CD pipeline
  • Regular third-party security audits and penetration tests

Authentication & Access Control

  • Strong password requirements and secure password hashing
  • Support for multi-factor authentication (MFA)
  • Role-based access control (RBAC) for granular permissions
  • Session management with automatic timeout
  • Audit logging of all authentication events

4. Operational Security

Employee Security

  • Background checks for all employees handling customer data
  • Security awareness training for all staff
  • Principle of least privilege for system access
  • Secure workstation policies and endpoint protection

Incident Response

  • Documented incident response procedures
  • 24/7 security monitoring and alerting
  • Defined escalation paths and communication protocols
  • Post-incident review and continuous improvement

5. Business Continuity

Backup & Recovery

  • Automated daily backups with geographic redundancy
  • Regular backup restoration testing
  • Defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)

Disaster Recovery

  • Comprehensive disaster recovery plan
  • Multi-region failover capabilities
  • Regular disaster recovery drills

6. Compliance

We maintain compliance with applicable standards and regulations:

  • SOC 2 Type II (in progress)
  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Industry-standard security frameworks

7. Vulnerability Disclosure

We appreciate the security research community's efforts in helping us maintain a secure platform. If you discover a security vulnerability, please report it responsibly:

  • Email security concerns to: security@closepack.com
  • Provide detailed information about the vulnerability
  • Allow reasonable time for us to address the issue before public disclosure
  • Do not access or modify customer data

8. Security Updates

We continuously improve our security posture. This policy is reviewed and updated regularly. Material changes will be communicated to customers.

9. Contact Us

For security-related questions or concerns, please contact us:

Security Team: security@closepack.com
General Inquiries: support@closepack.com
ClosePack, Inc.