
Security and Reliability at Clio

At Clio, we take the security of your data very seriously.

In addition to the measures you can take in your own account to follow security best practices, Clio has ensured that our product is encrypted and adheres to industry best practices with regard to handling customer data.

View Clio's certifications on the "Security and Reliability" page. 

SSL Encryption
Data Confidentiality
Geographic Redundancy
Login Throttling
Credit Card/Subscription Security

SSL Encryption

Encrypting the data transmitted between you and our servers is one of our top priorities. Our SSL (Secure Sockets Layer) encryption, which protects your data in transit, is provided by DigiCert and verified by TrustedSite.

Providers of SSL certificates assure the identity of the website you are visiting by checking references and researching the company before the certificate is awarded. It is important for you to check for a little green lock icon, or "https://", in the address of any website that you might be exchanging sensitive information with.

These SSL certificates are used every time you send data between your computer and the hosting server of a website to ensure the identity of the company or entity you are visiting. Once the website is verified by this certificate, a "handshake" (the initial connection) is made.

During this initial connection, both sides agree on an encryption protocol. This is used to establish a secure connection between the two computers; that secure connection is the SSL itself. The data is scrambled in transit to protect your information, making it difficult for anyone in the middle to intercept and collect your confidential information.

Clio also uses a combination of software-based encryption, hosting solutions (Amazon Web Services and Google Cloud Platform), and secure self-encrypting devices that meet the definition outlined in NIST-800-53 SC-28 PROTECTION OF INFORMATION AT REST.

Ransomware Protection

Ransomware can be a serious threat to a firm’s data if proper protections are not in place. Clio Manage operates in the cloud, and inherently protects your firm through our data backup and versioning capabilities. Any actions taken on Clio are stored securely and backed up. If you are affected by ransomware, Clio will still be available to you and you can continue working as normal.

One special case is with Clio Drive. Clio Drive is designed to sync your files directly to Clio Manage, which means that a file encrypted by ransomware could get uploaded to our cloud. While this is an unlikely situation, Clio versions all documents uploaded by Clio Drive. In the worst-case scenario, you can simply restore your file to the most recent unaffected version!

Data Confidentiality

The confidentiality of your data within your Clio account is another priority of ours, and as such we've been certified by TRUSTe.

TRUSTe was founded in 1997 and certifies companies that comply with the requirements of its data confidentiality program. Among these are specific requirements regarding transparency and accountability of data collection and use.

If you are interested in learning more about how Clio handles customer information, please refer to our privacy policy.

Geographic Redundancy

For both our North American and International customers, we have geographic redundancy in place. This means that we have multiple servers backing up your data in real time. We back up users' data from when they start using Clio.

In the unlikely event of a server failure or loss, this means that your data will still be accessible to you. However, while we do have these measures in place, it is important, and often an ethical consideration, to retain local backups of your data. For information on how to retrieve your data from Clio for the purposes of a local backup, see the "Exports and Permissions" article.

You also have the option of setting up an account to an Amazon S3 bucket, which is a more automated process.

Login Throttling

Login throttling is the feature by which a certain number of failed login attempts results in an automatic wait time before you can attempt logging in again.

We use a token bucket algorithm to throttle login attempts. Login attempts are throttled on both the email and the source IP address.
Per email, we allow up to 10 login attempts in 10 minutes. Per IP address, we allow up to 20 login attempts in 10 minutes.
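
The following sketch shows how a token bucket keyed on both email and source IP can enforce the limits stated above. It is an added example, not Clio's code: the class and function names are hypothetical, and it assumes each bucket starts full at the stated limit, refills evenly over the 10-minute window, and that every attempt is charged to both buckets.

```python
import time

WINDOW = 600.0    # 10 minutes in seconds (from the article)
EMAIL_LIMIT = 10  # attempts per email per window (from the article)
IP_LIMIT = 20     # attempts per source IP per window (from the article)

class TokenBucket:
    """Starts full; refills continuously at capacity/WINDOW tokens per second."""
    def __init__(self, capacity, now):
        self.capacity = capacity
        self.tokens = float(capacity)
        self.last = now

    def take(self, now):
        """Spend one token. Return 0.0 on success, else seconds until one is available."""
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.capacity / WINDOW)
        self.last = max(self.last, now)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return 0.0
        return (1.0 - self.tokens) * WINDOW / self.capacity

class LoginThrottle:
    def __init__(self):
        self.by_email = {}
        self.by_ip = {}

    def attempt(self, email, ip, now=None):
        """Return 0.0 if the login attempt may proceed, else the wait time in seconds."""
        now = time.monotonic() if now is None else now
        email_key = email.strip().lower()  # assumption: addresses compared case-insensitively
        email_bucket = self.by_email.setdefault(email_key, TokenBucket(EMAIL_LIMIT, now))
        ip_bucket = self.by_ip.setdefault(ip, TokenBucket(IP_LIMIT, now))
        # Charge both buckets on every attempt, so guesses spread across many
        # emails still count against the source IP, and vice versa.
        return max(email_bucket.take(now), ip_bucket.take(now))

def demo():
    """Constructed traffic: 11 attempts on one account at t=0, then one at t=60."""
    throttle = LoginThrottle()
    waits = [throttle.attempt("user@example.com", "192.0.2.10", now=0.0) for _ in range(11)]
    waits.append(throttle.attempt("user@example.com", "192.0.2.10", now=60.0))
    return waits

if __name__ == "__main__":
    print(demo())
```

A deployed throttle would also need to expire idle buckets and keep its state in a store shared by all login servers; the in-memory dictionaries here are for illustration only.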

Credit Card/Subscription Information Security

All sensitive communications, including those involving credit cards, are secured using SSL encryption to ensure that the privacy and security of your information are protected.
