Clubhouse Security Overview
We take the security of your data seriously.
Clubhouse runs on Amazon Web Services. All Clubhouse machines limit access to the least number of people necessary to keep them up and running. Deploys are automated to all machines, and all machines with access to Clubhouse data have SSH disabled to prevent any unauthorized access to customer data.
All data exchanged with Clubhouse is done via the HTTPS protocol.
Live Clubhouse data is stored on AWS in DynamoDB, and access is limited to machines that need read and write access to the data. We also do incremental, encrypted backups of the DynamoDB datastore every 10 minutes to Amazon S3 which is designed to offer 99.999999999% durability for the data in the event of a problem or catastrophic failure of DynamoDB.
No Clubhouse employee will ever see your customer data unless required to do so for support reasons. If you reach out with a support issue which requires us to access your customer data, we will request and wait for your written permission before doing so. We have an audit trail of customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing system-level outage.
All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over SSL.
We also allow you to use two-factor authentication, or 2FA, as an additional security measure when accessing your Clubhouse account. Enabling 2FA adds security to your account by requiring both your password as well as access to a security code on your phone to access your account.
Credit Card Safety
When you sign up for a paid account on Clubhouse, we do not store any of your card information on our servers. It is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.
If you have any questions or concerns, please contact us at firstname.lastname@example.org.