Security & Compliance


We comply with international legislation, industry standards and best practices (such as the Federal German Privacy Act, U.S. and European export regulations as well as Safe Harbor). We adhere to these strict security standards not only for the purpose of maintaining compliance, but because we consider security and privacy to be one of the most important aspects of the services we provide to our clients and customers. Information security and data privacy are our highest priorities, and they play a critical role in the processes and technologies used by every department within our organization.

Third Party Assurance & Evaluation


PCI DSS Service Provider Level I

We maintain PCI DSS Service Provider Level I status, which has the following validation requirements:

  • Passing an annual assessment in which a Qualified Security Assessor (QSA) examines the compliance of the PCI environment in detail
  • Quarterly network scans by an Approved Scanning Vendor (ASV)


ISAE 3402 Type II

We leverage third party assurance reports so we can provide our clients with visibility into our internal controls as a service organization. A leading independent auditor performs the annual ISAE 3402 Type II audit through reviews and tests of our operational procedures and controls.


TRUSTed Cloud Privacy

cleverbridge has been awarded TRUSTe’s Privacy Seal signifying that our Privacy Policy and practices have been reviewed by TRUSTe for compliance with their TRUSTed Cloud Data Privacy Program Requirements including transparency, accountability and choices regarding the collection and use of personal information.

Secure Storage and Transmission of Data

We only accept orders submitted according to PCI DSS standards, including those relating to security. Our ecommerce platform supports submission of orders via state-of-the-art secure encryption layers. We process all transaction requests and transaction results via HTTPS. Cryptographic controls provide effective mechanisms for protecting the confidentiality, authenticity and integrity of information – and our policies include the use of encryption and key management.

Processes for Security Breach or Data Theft

We’ve implemented incident response and escalation procedures using industry standard policies (e.g., NIST 800-61). The incident response and escalation procedures are tested annually – at the very minimum.

Questions about security or compliance?

Contact us – we can help.