SECURITY AT CLEARVIEW AI
Clearview AI’s Security teams establish policies and controls, monitor compliance with those controls, and prove our security and compliance to third-party auditors.
Our policies are based on the following foundational principles:
1. Access to Clearview AI products is limited to only those with a legitimate business need and granted based on the principle of least privilege.
2. Security controls should be implemented and layered according to the principle of defense-in-depth.
3. Security controls should be applied consistently across all areas of the enterprise.
4. The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
SECURITY & COMPLIANCE AT CLEARVIEW AI
Clearview AI maintains a SOC 2 Type II attestation certification. Our SOC 2 Type II report is available to prospective clients with a signed NDA through our sales team.
Clearview AI maintains compliance with key regulations including SOC 2 and applicable data privacy laws.
DATA AT REST
Clearview AI stores customer data in encrypted datastores to protect it at rest. Sensitive collections and tables also use row-level encryption. This data is encrypted before it reaches the database, so that logical access to the database alone is not enough to read the most sensitive information.
DATA IN TRANSIT
Clearview AI uses TLS 1.2 or higher when data is transmitted between users and our platform. To maximize the security of our data in transit, we also employ point-to-point mutual TLS encryption between internal servers.
Clearview AI conducts comprehensive penetration testing at least once a year with a leading penetration testing consulting firm. The tests cover all areas of our product and cloud infrastructure. The penetration testers have full access to our source code to maximize the effectiveness and coverage of the assessments.
Our penetration tests are available to prospective clients with a signed NDA through our sales team.
Clearview AI requires vulnerability scanning at key stages of our Software Development Lifecycle (SDLC):
Static analysis (SAST) testing of code during pull requests and on an ongoing basis
Malicious dependency scanning to prevent the introduction of malware into our software supply chain
Network vulnerability scanning on a periodic basis
Software composition analysis (SCA) to identify known vulnerabilities in our software supply chain
External attack surface management (EASM) continuously running to discover new external-facing assets
ENDPOINT PROTECTION: All corporate devices are centrally managed and are equipped with mobile device management software (MDM) and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates. Clearview AI's security team has protocols in place for external and internal emergency situations, such as breach notification or loss of equipment.
SECURE REMOTE ACCESS: Clearview AI secures remote access to internal resources using a modern VPN platform. We also use malware-blocking DNS servers to protect employees and their endpoints while browsing the internet.
SECURITY EDUCATION: Clearview AI ensures that all its employees receive thorough security training when they join the company and annually thereafter. This training involves live sessions led by the Head of Security, focusing on essential security principles and their implementation within Clearview AI's Security Program. Additionally, new engineers are required to attend a mandatory live onboarding session with senior team leads, where they learn about secure coding principles and practices. Clearview AI's security team also regularly provides threat briefings to keep employees informed about critical security and safety updates that may require special attention or action.
IDENTITY & ACCESS MANAGEMENT: Clearview AI uses secure identity and access management, enforcing strong MFA and SAML-based Single Sign-on wherever possible. Clearview AI employees are granted access to applications and services based on their role, and are automatically deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application or service.
BUG BOUNTY PROGRAM
Clearview AI works with an industry-leading Bug Bounty program. Security is a top priority for Clearview AI, and Clearview AI believes that working with skilled security researchers can identify weaknesses in any technology.
If you believe you have discovered a security vulnerability in Clearview AI’s service, please notify us; we will work with you to resolve the issue promptly.
To participate in our Bug Bounty Program, click below: