Cloud Referrals, LLC is a cloud computing consulting service firm operating primarily with cloud based applications and services. We take reasonable precautions to keep your data safe, and are proud to partner with service providers who maintain the latest cybersecurity best practices.
Your credit card details processed and stored with our merchant and payment gateway service providers comply with the PCI DSS (Payment Card Industry Data Security Standards).
Cloud Referral employees and contractors are located throughout the world and connect to the internet through our service provider’s VPN (virtual private network) service, which is SSL (secure sockets layer) secured with 256-bit encryption. Our VPN service provider is audited by a third party and does not log our activity.
User Account Access
Cloud Referrals may need to collect your user login credentials, in order to provide the “Service”. When we collect your login credentials, we use a third party password management service called Lastpass to manage this sensitive data. Your login credentials stored in our password management service uses the leading encryption algorithms: 256 bit AES (Advanced Encryption Standard) encryption with PBKDF2 (Password-Based Key Derivation Function 2) SHA-256 (Secure Hash Algorithm 2) and salted hashes to protect your data in the cloud. When we access the password management service, we use FIDO U2F (Fast IDentity Online Universal 2nd Factor) keys with strong passwords while logged in on an authorized device connected to our VPN service. Cloud Referral’s internal PINs, passwords and multi-factor account authentication methods are updated at least once every 90 days. All our passwords are unique, long, complex, and randomly auto-generated.
Domain & Website Hosting Services
Our domain and web hosting service providers maintain the following protocols and certifications: SSL (Secure Sockets Layer), SPF (Sender Policy Framework), DMARC (Domain-based Message Authentication, Reporting and Conformance), and DKIM (DomainKeys Identified Mail).
Communication & File Transmission
All files stored at rest are encrypted. All data in transit between our website forms, web apps, APIs, and devices are encrypted with most of our service providers using TLS (Transport Layer Security) for data transmission, establishing a secure channel protected by a 256 bit AES (Advanced Encryption Standard) encryption. However, not all email communications (incoming or outgoing) are encrypted as some web services require emails to be decrypted in order to be sent or read. Please consider this before emailing us any Personally Identifiable and Proprietary Information.
Our files are backed up three times per day and securely transferred and stored with 256 bit AES encryption to multiple off-site locations for disaster recovery purposes. Finally, our third party data backup service provider has passed the SOC 2 Type II audit with the AICPA Service Organization Control Trust Services Principles, Criteria, and Illustrations for security, availability, processing integrity, confidentiality, and privacy.
If you have any questions or concerns about our security protocols, please email firstname.lastname@example.org.