This Clarus Privacy & Security Policy (“Policy”) outlines the general policy and practices for the types of information that Clarus Financial Technology Ltd (“Clarus”, “we”, “us”or “our”) gathers, how we use that information, and the options that our users (“you” or “your”) have regarding our use of, and your ability to correct, such information.
It’s our overriding privacy principle that any personal information provided to us by you is just that: personal and private. As such, we will never sell, rent, share, or otherwise disclose your personal information to anyone except to provide our services or as otherwise described in this Policy, without providing explicit notice of such and the ability to opt-out.
This Policy applies to all Clarus products including Clarus CHARM.
Information Collection and Sharing
Clarus is the owner of the service information collected by CHARM. We normally log users interactions in order to provide better services to our users (e.g., using user log data in order to detect new threats and malicious third parties).
We do not sell, rent, or share personal information with third parties for their direct marketing purposes.
We do not use “cookies” for tracking and other common public website usage. We only use temporary session cookies on login, which are removed when the user closes the browser or logs out. We do not use persistent cookies that are stored for longer periods of time and track users across sessions.
Law Enforcement and Obligations
It’s possible that we may be required by law, court order, or other legal process to provide information about our customers to outside parties. It’s our policy to ensure adherence to the due process of law in all such instances, and if we are required to provide information under these circumstances, we will, whenever possible, attempt to inform users whose information we are compelled to produce, unless prohibited by law.
We may also retain copies of personal information to comply with our legal obligations, pursuant to our data retention policies, or for such reasonable period as is required to address potential disputes. Such personal information is limited in nature to user names, emails and organisation name only.
Data Security, Data Integrity and Access
We take all reasonable steps to protect information we receive from our users from loss, misuse or unauthorised access, disclosure, alteration and/or destruction.
We encrypt all data that goes between you and CHARM using industry-standard SSL (Secure Socket Layers).
We generally keep your private data in memory only and do not persist to a database or filesystem. If we do persist any data (e.g. user login details) this data is encrypted when stored on our servers, and encrypted when we transfer it to other servers for backup and replication.
We take a “defence in depth” approach to protecting our systems. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Our security services are configured, monitored and maintained according to industry best practice. We utilise industry-standard security tools to protect our systems.
Our servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits.
We continuously monitors security systems, event logs, notifications and alerts from all systems to identify and manage threats.
For further details and information, please refer to the documents:
- Information Security Policy
- Information Classification Policy
- Charm Network Security Architecture
- Charm Access Control Policy