Security

Security isn't an afterthought at Cloxly — it's built into how we design, develop, and operate the product. We know you're trusting us with your team's data, and we take that responsibility seriously.

Infrastructure

Cloxly runs on enterprise-grade cloud infrastructure with built-in redundancy and automatic failover. Our systems are monitored around the clock, and we maintain separate environments for development, staging, and production to ensure untested changes never touch your data.

Data encryption

All data transmitted between your browser and Cloxly is encrypted in transit. Your data is also encrypted at rest in our databases and backups. This means your information is protected whether it's moving or sitting still.

Access controls

Access to customer data within our organization is strictly limited. Only the people who need access to do their jobs have it, and all access is logged and reviewed regularly. We follow the principle of least privilege — no one gets more access than they need.

Authentication

Passwords are never stored in plain text — they're hashed using industry-standard algorithms. We support two-factor authentication (2FA) to give your account an extra layer of protection, and we enforce session timeouts to reduce the risk of unauthorized access on shared devices.

Data backups

Your data is backed up automatically on a regular schedule. Backups are encrypted and stored separately from our primary systems, so even in an unlikely disaster scenario, your data can be recovered.

Incident response

We have a documented incident response process in place. If a security event occurs, our team is prepared to investigate, contain, and resolve it quickly. If a breach ever affects your data, we'll notify you promptly and transparently — no delays, no vague language.

Employee practices

Everyone on our team receives security training. We follow secure development practices including code reviews and automated testing. Security is part of our culture, not just a checklist.

Compliance

We're actively working toward formal security certifications to give you independent assurance of our practices:

• ISO 27001 — Our information security management practices are aligned with the ISO 27001 framework. Third-party certification is in progress.
• SOC 2 — We're working toward SOC 2 Type II compliance to provide independent verification of our security controls.
• GDPR — We comply with the General Data Protection Regulation for users in the EU/EEA. See our GDPR page for more details.

Responsible disclosure

We welcome security researchers who help us keep Cloxly safe. If you've found a vulnerability, we'd like to hear about it. Please report it to security@cloxly.io and give us a reasonable window to address it before disclosing publicly.

We ask that you don't access other users' data, disrupt our service, or use automated scanning tools against our production environment. We appreciate your help and will acknowledge researchers who report valid issues responsibly.

Questions?

If you have security questions or need more detail for your organization's review process, reach out to us at help@cloxly.io.