Security Policy

Last Updated Aug 31, 2021

 

We understand that data security is a critical issue for Content Creators and their Talent. Our software platform conforms to industry best practices and follows the same technology standards used by everyone from Netflix to the big banks.

Continuous Backups

Customer data is backed up multiple times a day on secure, access-controlled and redundant storage. In the unlikely event of a data loss, your information will be fully restorable.

Data Storage

All Canadian Circus customer data is hosted in data centres located in Canada. These data centres are high-security and access-controlled through multiple levels of security. Onsite security procedures include biometric scanning, 24/7 camera monitors, and 24/7 staff to protect against unauthorized entry. Our data centres are also ISO 27001 and FISMA certified to meet stringent data security requirements.

Data Access

Circus has programmed highly customizable permissions into our platform so that you can control exactly who within your organization has access to what. Internally, access to customer information is strictly limited to an as-needed basis, and your information will not be sold to third parties.

Encryption and Resource Access

We use the same technology as all major Canadian banks to keep your account info safe:
- End-to-end 256-bit SSL/TLS encryption
- Encryption is enforced with HTTP Strict Transport Security
- A Content Security Policy is enforced
- All non-essential ports and external network interfaces are blocked by default
- Critical authentication endpoints are rate limited
- No financial data or credit information is stored in any Circus system
- All account passwords are stored as one-way hashes and salted
- All client-side communication, sessions, and input are validated server-side
- All documents are securely encrypted on Amazon S3 using AES-256 and Managed Keys
- Sensitive fields are further encrypted using the AES-256 algorithm
- All account data is encrypted and securely stored
- Two-factor authentication is required for elevated users

Source Code

- We perform static code analysis of all production code
- We have integration and unit tests for all critical systems
- All sub-dependencies have been vetted for security and performance issues
- All sub-dependencies are directly bundled into the Circus application
- We follow strict compliance with source code licensing and open-source licensing

Key Management 

Circus maintains a strict policy for assigning and distributing keys which may access any production or development systems.

- Master access keys are never distributed to any employees
- Access keys are never stored in any version control system
- Access keys are never stored anywhere as plaintext
- Individual access keys are generated per employee with developer-only access

Secure Workstations

- All company workstations and laptops use encryption for storing any potentially sensitive data
- All company workstations and laptops use anti-malware and antivirus software
- All client data is always anonymized for development purposes

Employee Awareness

- All Circus employees have been instructed on best practice security standards
- Circus employees are granted granular role access to resources
- Any employee access to sensitive data is tracked and monitored
- Developers only work with anonymized data

Data Loss / Security Breach 

In the event of a loss of data or potential security breach, you will be contacted immediately and kept updated in real time as Circus assesses the situation. Circus will quickly take any measures necessary to secure and recover your data. A full incident report will be made available by Circus should any incidents occur.