Security at Clubhouse

Effective as of 2018-11-29T18:06:22+0000

Thousands of companies trust Clubhouse to keep their company data safe and secure every day, and we take that responsibility seriously.

Server Security

Clubhouse runs on Amazon Web Services. All Clubhouse machines limit access to the least number of people necessary to keep them up and running. Deploys are automated to all machines, and all machines with access to Clubhouse data have SSH disabled to prevent any unauthorized access to customer data.

Communications

All data exchanged with Clubhouse is done via the HTTPS protocol.

Data Storage

Live Clubhouse data is stored on AWS in DynamoDB, and access is limited to machines that need read and write access to the data. We also do incremental, encrypted backups of the DynamoDB datastore every 10 minutes to Amazon S3 which is designed to offer 99.999999999% durability for the data in the event of a problem or catastrophic failure of DynamoDB.

Employee Access

No Clubhouse employee will ever see your customer data unless required to do so for support reasons. If you reach out with a support issue which requires us to access your customer data, we will request and wait for your written permission before doing so. We have an audit trail of customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing system-level outage.

Maintaining Security

All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over SSL.

We also allow you to use two-factor authentication, or 2FA, as an additional security measure when accessing your Clubhouse account. Enabling 2FA adds security to your account by requiring both your password as well as access to a security code on your phone to access your account.

Credit Card Safety

When you sign up for a paid account on Clubhouse, your credit card information is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers. Our servers do not store or even see your credit card information.

For More Information

If you have any questions or concerns, please contact us at support@clubhouse.io.