Securely hosted in the Microsoft Cloud
Clean Contacts uses a Microsoft Azure hosted web application to perform data cleansing. Microsoft Azure is the global leader in security, reliability, compliance and privacy in the cloud. Microsoft employ more than 3,500 cybersecurity experts who continuously monitor and test the platform for vulnerabilities. Learn more about Microsoft Azure Security.
ISO27001 Certified & 3rd Party Security Audited
The Software Bureau, developers of Clean Contacts appointed SGS to audit and certify the business to 27001 standards. SGS has renowned standards which exceed the minimum requirements to achieve 27001 compliance and are accredited by UKAS. The Clean Contacts team also initiated ongoing 3rd party security audits using cyber security experts NCC. The results of all audits are available upon request.
GDPR Compliant
Clean Contacts is fully GDPR compliant. Personally identifiable data is held within the platform to the point of matching, when it is then deleted and not retained. Data is encrypted at REST and in transit. Only GDPR compliant, premium data is available within Clean Contacts.
Securely hosted in the Microsoft Cloud
Clean Contacts uses a Microsoft Azure hosted web application to perform data cleansing. Microsoft Azure is the global leader in security, reliability, compliance and privacy in the cloud. Microsoft employ more than 3,500 cybersecurity experts who continuously monitor and test the platform for vulnerabilities. Learn more about Microsoft Azure Security.
ISO27001 Certified & 3rd Party Security Audited
The Software Bureau, developers of Clean Contacts appointed SGS to audit and certify the business to 27001 standards. SGS has renowned standards which exceed the minimum requirements to achieve 27001 compliance and are accredited by UKAS. The Clean Contacts team also initiated ongoing 3rd party security audits using cyber security experts NCC. The results of all audits are available upon request.
GDPR Compliant
Clean Contacts is fully GDPR compliant. Personally identifiable data is held within the platform to the point of matching, when it is then deleted and not retained. Data is encrypted at REST and in transit. Only GDPR compliant, premium data is available within Clean Contacts.
Common Security Questions
Yes – The Software Bureau is ISO/IEC 27001:2013 Certified (GB19/962631). View our certificate.
Yes – All endpoints are forced to use https (TLS v1.2 or above) via Cloudflare’s End-to-End encryption certificate.
Yes – All personally identifiable data is encrypted using 256-bit AES encryption with keys are managed by Azure Key Vault. Clean Contacts only retains personally identifiable data for the duration of the processing and is immediately deleted when completed.
Clean Contacts uses Cloudflare’s Advanced DDoS Protection and inbuilt Rate Limiting Policies.
Clean Contacts utilises Cloudflare’s Web Application Firewall and is developed with online security best practices, such as considering OWASP top 10, and is externally audited by NCC group annually or when sufficient change deems an audit necessary.
Yes – Penetration tests are conducted by an external provider NCC Group. Source Code reviews are also conducted by NCC Group.
Clean Contacts uses the OAuth 2.0 Authorization Framework to grant users access to the API. Client’s must request an access token using their Client Id and Client Secret from the Clean Contacts Identity Service, and provide the access token when calling the API (Bearer Token). Access tokens are set to live for only 60 minutes.
Clean Contacts utilises Azure serverless technologies which are updated, patched and maintained by Azure.