Security at Cleared®
We handle Jamaica's most sensitive personal data—IDs, criminal records, income proof, and biometrics. That demands a security-first culture, layered technical controls, and transparent incident response.
Core security pillars
Layered defence (defence-in-depth)
Network segmentation, firewalls, WAF, endpoint detection, KMS-encrypted storage, and RBAC create multiple barriers. If one layer is breached, the others still protect the data.
Strong encryption everywhere
TLS 1.3 for data in transit. AES-256-GCM with AWS KMS for data at rest. Secrets stored in AWS Secrets Manager with automatic rotation.
Strict access control
Least-privilege RBAC, mandatory MFA, device posture checks, IP whitelisting for sensitive routes, and monthly access reviews.
Continuous monitoring and alerting
CloudWatch, GuardDuty, and custom dashboards watch traffic, API errors, failed logins, and unusual access patterns 24/7. On-call engineers receive alerts within 2 minutes.
2025 security initiatives
Threat modelling and penetration testing
Quarterly threat-modelling exercises work through realistic attack scenarios (credential stuffing, SQL injection, social engineering). Annual pentests by external firms validate our defences.
Incident response and mean time to recovery (MTTR)
Runbooks define containment, communication, and recovery steps for data breaches, DDoS attacks, and ransomware. Target MTTR: under 4 hours for critical incidents.
Security metrics and transparency
Dashboards track vulnerabilities patched, phishing test pass rates, and audit findings. We publish incident summaries and remediation timelines for stakeholders.
Report a security concern
If you discover a vulnerability, suspected breach, or security issue, email security@cleared.id immediately. We triage reports within 4 hours, confirm findings within 48 hours, and share remediation timelines with responsible researchers.
We do not pursue legal action against researchers who report issues responsibly and allow us time to fix them before public disclosure.
