The Clio Cloud Conference is happening October 26-29. Save your spot.

Security and Reliability at Clio

At Clio, we take the security of your data very seriously.

In addition to the measures you can take in your own account to ensure the best security practices possible, Clio has also taken the time to ensure that our product is encrypted and adheres to industry best practices with regards to handling customer data.

View Clio's certifications on the "Security and Reliability" page. 

SSL Encryption
Malware Testing and Identity Verification
Data Confidentiality
Geographic Redundancy
Login Throttling
Credit Card/Subscription Security

SSL Encryption

The encryption of the data being transmitted between you and our servers is one of our top priorities. Our SSL (Secure Sockets Layer) encryption, which protects your data in-transit, is provided by Gandi and verified by Norton.

Providers of SSL certificates assure the identity of the website you are visiting by checking references and researching the company before the certificate is awarded. It is important for you to check for a little green lock icon, or "https://", in the address of any website that you might be exchanging sensitive information with.

These SSL certificates are used every time you send data between your computer and the hosting server of a website to ensure the identity of the company or entity you are visiting. Once the website is verified by this certificate, a "handshake" - or initial connection - is made.

During this initial connection, both connections agree to an encryption protocol. This is used to establish a secure connection between the two computers - this is the SSL itself. The data is scrambled in transit in order to protect your information, making it difficult for anyone in the middle to intercept and collect your confidential information.

Clio also uses a combination of software-based encryption, hosting solutions (Amazon Web Services, and Google Cloud Platform), and secure self-encrypting devices, that meet the definition outlined in NIST-800-53 SC-28 PROTECTION OF INFORMATION AT REST.

Malware Testing and Identity Verification

Ensuring the website you are using is free of malware or other harmful vulnerabilities is another factor Clio actively addresses by being certified by McAfee Secure.

This certification means that we have been tested by McAfee and have proven to be free of malware and any other malicious information, have an active SSL certification, and no incidents of phishing (attempts to acquire sensitive information).

Ransomware Protection

The Clio protects against ransomware.

Data Confidentiality

The confidentiality of your data within your Clio account is another priority of ours, and as such we've been certified by TRUSTe.

TRUSTe was founded in 1997 and certifies companies who are in compliance with the requirements of their data confidentiality program. Among these are specific requirements regarding transparency and accountability of data collection and use.

If you are interested in learning more about how Clio handles customer information, please refer to our privacy policy.

Geographic Redundancy

For both our North American and International customers, we have geographic redundancy in place. This means that we have multiple servers backing up your data in real time. We backup Users data from when they start using Clio.

In the unlikely event of a server failure or loss, this means that your data will still be accessible to you. However, while we do have these measures in place, it is important, and often an ethical consideration, to retain local backups of your data. For information on how to retrieve your data from Clio for the purposes of a local backup, see the "Exports and Permissions" article.

You also have the option of setting up a data escrow account to an Amazon S3 bucket, which is a more automated process.

Login Throttling

Login throttling is the feature by which a certain number of failed login attempts results in an automatic wait time before you can attempt logging in again.

We use a token bucket algorithm to throttle login attempts. Login attempts are throttled on both the email and the source IP address.
Per email, we allow up to 10 login attempts in 10 minutes. Per IP address, we allow up to 20 login attempts in 10 minutes.

Credit Card/Subscription Information Security

All sensitive communications, including those involving Credit Cards, are secured using SSL encryption to ensure that the privacy and security of your information is protected.

Was this article helpful?
This information is confusing or wrong
This isn't the information that I was looking for
I don't like this functionality