End users log in for authentication, which requires the email and password the user set when creating their account. Email addresses and passwords are both encrypted in transit and in rest.
IRIS Clarity doesn’t capture or transfer any other personal data.
Furthermore, IRIS has been audited and certified by several security checks:
- We’ve been certified by the government-backed Cyber Essentials to protect against cyber attacks;
- Both our Windows and Mac applications are rigorously pen tested by a CREST-approved third party to ensure our applications are built with the toughest security principles and controls;
- Our SIG audit enables us to leverage an industry-standard library of vetted questions that measure risk across 18 domains. Mapping each question to multiple controls and regulatory requirements enables us to simplify and standardise our information technology, resiliency, cyber security, data security and privacy;
- Our card payments are PCI Data Security Standards-compliant, ensuring that accepting, processing, storing or transmitting of credit card information is maintained in a secure environment.
For more information, please see our Privacy Notice.