We believe security must be “baked” into the product, processes and people. Software developers and engineers are required to complete annual training on secure coding and pass a rigorous exam. All code is written by our own employees and is committed to production only after peer review.
Clari partners with external penetration testing vendors to conduct annual tests. Medium- and higher-severity findings are remediated, and reports are available upon request and under NDA.
All stored data, session cookies, backups and other sensitive data are encrypted at rest. Database fields storing credentials are also encrypted for additional security. Account passwords are salted and hashed using the latest strong algorithms and approaches, which are routinely audited. No humans, our staff included, can ever view your passwords.
All communication between customer systems and Clari is performed using high levels of encryption (TLS 1.2 / HTTPS). Our customers also have the option to add a secure IPsec tunnel.
Clari integrates with your SSO/MFA solution to provide a seamless login experience via SAML 2.0. This guarantees user authentication without the need to manage yet another account/password combination.
Clari uses OAuth 2.0 to securely authorize access to CRM, email and calendar platforms via vendor-established APIs. This provides our customers the assurance that Clari will only request authorization using Microsoft, Google, Salesforce and vendor-specific SSO APIs.
Clari administrators can set user roles according to the principle of least privilege. Users only see what they need in order to perform their job.