Well, if you need some logos, we provide these:
At Clever Cloud, security is not an afterthought. The whole platform was designed with security in mind. Most of security work is systemic: we work on eliminating and mitigating entire classes of vulnerabilities before handling specific issues. This allows our platform to be resilient against new and unknown threats. We see and practice security as a process, a background task that underlines everything we do, not as something that’s tacked on code after it’s been written. The two pillars of our security policy are immutable infrastructure and the avoidance of trusted networks.
Every piece of code deployed on Clever Cloud is deployed in a short-lived, reproducible environment. Even if one of your applications gets compromised, the compromised code will automatically go away at the next deployment. This is particularly useful for commonly targeted applications like PHP CMSs.
It is common to place applications in a shared, unrestricted network space. By avoiding that, we provide security in depth: breaking a gate will grant you access to the next gate, not to the whole castle. This greatly reduces lateral movement, and encourages better security processes. By default, virtual machines are isolated from the network.
Traffic must be explicitly allowed, rendering the common issue of having a component mistakenly exposed to the Internet effectively impossible. All incoming traffic is untrusted and has to be allowed to reach the applications.
Please see our security policy.
The Clever Cloud platform is regularly audited as part of audits and pentests run for our customers by third-party auditors. All the platform-level conclusions are forwarded to the security team and acted upon. If you wish to audit or pentest applications running on Clever Cloud, please contact us.
Providing first-class security along with our datacenter partners is our priority. We constantly work to enhance our security protocols and heavily fight all possible threats, ensuring minimum risk to protect your infrastructures and physical assets.
|Name of the hosting provider||Iliad datacenter|
|Identification No. of the hosting provider||433 115 904|
|Address of the registered office||8 rue de la ville l'Evêque 75008 Paris FRANCE|
|Payment conditions by CLEVER CLOUD of the hosting provider’s invoices||Thirty (30) days in advance|
The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.
We use PCI compliant payment processor Stripe for encrypting and processing credit card payments. Clever Cloud infrastructure provider is under the process of being PCI certified.
All the data are hosted in France by default (other regions are optionally available) and are fully GDPR compliant (we've done the work to assess our own data collection, storage practices and business practices comply with the GDPR).