Multi-factor authentication to access internal services.
Internal networks protected by firewalls.
Utilise advanced machine learning techniques to recognise suspicious logins, account takeovers and financial fraud.
Hosted on Amazon Web Services, which offers a secure environment with capabilities of access control, data encryption, monitoring and isolation.
All personally identifiable information is encrypted (in transit and at rest) with physically dispersed keys.
Uploaded documents:
Full encryption of support chat text messages.
All sensitive rows in the database are hashed and signed on write and verified on retrieval to ensure data integrity.
Secure connections are always enforced when accessing the website or API from any device.
Top tier data centres with geographically dispersed disaster recovery backup servers.
Intrusion detection monitoring for unauthorised system access.
Segregation of duties and access to application credentials or production servers.
Administrators have tiered access to the system.
Administrator actions relating to any user account are audited and require multi-level approvals.
Administrator action relating to user accounts or value transfer requires multi-level approvals.
Hiring and ongoing employee requirements: candidates must pass criminal background checks before becoming a Clanz employee.
Regular penetration testing is conducted on the system.
Multiple levels of security for our system including:
Usernames can be freely chosen. We encourage users not to use their email address as their username, to improve security.
Email notifications are sent on each login.
Instant account suspension from email link for unauthorised logins.
Duress password to suspend an account.
Additional security information is requested on login attempts from different IP addresses.
Cryptocurrency and instant withdrawals are blocked for 72 hours after changes to account security details.
SMS notifications on account security detail changes (like email change or password changes).
Cryptocurrency address whitelisting: withdrawals to new addresses require email confirmation.
Browser whitelisting: email confirmation for logins from new browsers.
Bot shield: automatic account protection from brute force attacks.
Optional PGP-signed emails to verify email validity.
Clanz support staff will never ask you for your multi-factor authentication code or password. If you receive correspondence from a party requesting this information, whether they claim to be associated with Clanz or not, disregard the message and report it to security@clanz.com.
To protect yourself, your account and your funds, consider: