Security and Authentication

To change your password, go to My Account on the navigation menu, then click on the Edit button. Click on the pencil icon on the rightmost side of the Password section to change your password. You can also reset your password at the CINNOX login page by clicking Forgot Password.

To recover your CINNOX login credentials, please contact your Staff Administrators.

You can reset your password at the CINNOX login page by clicking Forgot Password.

Yes, you can have more than one account associated with one email address (even if it's for a different plan, company, or role - such as admin or agent).

You will use the same email and password to login into both accounts. On a browser, go to your unique registered domain link to login. On mobile, enter your subdomain and domain name when logging on.

In the case that you signed up for a CINNOX account and set a password, it will automatically update the password associated with your email address across your accounts.

Each business or organisation using CINNOX has a unique registered subdomain (usually your company name). This was defined when your account was created and consists of the domain name cinnox.com or cinnox.cn.

To sign in to your CINNOX account, type the subdomain and domain name into a browser or CINNOX App, i.e:

• Subdomain (URL): abc-company.cinnox.com
• Your Subdomain: abc-company
• Domain Name: cinnox.com

Then, log in with your email and password as usual.

Yes! There is an email verification process for every user. If someone attempts to register a new CINNOX account with your email address, an email verification is sent to your email inbox. Only you or those authorised with access to your email account will be able to verify the new CINNOX registration.

Yes, you can. Go to Administration > Security > Service Authentication then click on Staff Password Policies to set up and enable additional policies, like preventing Staff members from reusing a set number of passwords, setting passwords to expire after a specific number of days, or automatically locking a staff account after a number of failed login attempts.

Yes, you can. Go to Administration > Security > Service Authentication, then click on Visitor Number & IP Blocklist/Allowlist to add IP addresses in your Visitor Blocklist. For more information, please refer to our User Guide.

Yes, it is. Go to Administration > Security > Service Authentication, then click on Visitor Number & IP Blocklist/Allowlist to add phone numbers in your Visitor Blocklist. For more information, please refer to our User Guide.

Yes. CINNOX has the Staff IP Login List security feature that limits staff members to log in to CINNOX. Staff Administrators can create a list of trusted IP addresses that staff members can use to log in to CINNOX.

Yes. CINNOX has the Staff Number Allowlist security feature, which can limit what phone numbers staff members can use as their Caller IDs or SMS Sender IDs.

Yes, you can enable two-factor authentication (2FA) as an added layer of protection to your account.

No it's not a requirement. However, we do recommend you turn on 2FA for all your accounts. Staff Administrators can turn on Staff Two-Factor Authentication, which requires all staff members to enable two-factor authentication (2FA) when signing in to their CINNOX account. Go to Administration > Security > Service Authentication to enable this setting.

Third-Party Authentication is a CINNOX feature that provides you with an option to log in to CINNOX using an alternative method, such as your company network login credentials.

CINNOX uses OAuth Service to perform authentication and authorisation for the third-party tools or components such as Microsoft Active Directory (AD).

As an administrator, from your CINNOX Dashboard, go to Administration > Service Authentication > Third-Party Authentication and configure service-level authentication.

As a Staff member from your CINNOX Dashboard or App, activate Third-Party Authentication by entering your network login credentials.

Yes, CINNOX does support Data Retention, which lets Staff Administrators access, archive and transfer data to a server outside the CINNOX system. For more information about this feature, please get in touch with one of our experts.

The CINNOX Data Retention Portal is a microsite that lets you access your retained data.

The online mode refers to the backup data that is transferred to your SFTP server and synced to your MongoDB and view the data through the CINNOX Retention Portal.

The offline mode refers to the backup data transferred to your SFTP server and viewed in a raw JSON file format. It does not use a portal site to access the retained data.

To configure the Data Retention Portal, from the navigation menu, go to Administration > Security > Retention then fill out the required details.

The very first Staff administrator of your CINNOX service account will have access to the Data Retention Portal by default. The said administrator can then provide access to other Staff administrators by activating their respective accounts in the portal and providing their access permissions to all or select account-related information.

No, call logs and chat history will remain in the chatroom following your subscription report history entitlement. But you can archive your data such as call logs, chat history, contacts and others using our Data Retention feature.

For more information about this feature, please contact our Sales Team.

Yes, there is. CINNOX has an Audit Log feature that records of all the activities and changes made by staff members to certain features or “elements” inside your CINNOX account.

Yes, it does.

To enable the passcode lock or biometrics in your CINNOX App, from the menu tab, go My Account > Settings > Passcode and Biometrics then follow the instructions you will be provided.

Note that if you plan on using biometrics, you still need to set up a passcode.

The passcode in CINNOX may be different from the one you use to unlock your mobile device.

If you forget your passcode and have reached the maximum number of six (6) unlock attempts, the CINNOX App will log you out and you have to re-enter your account credentials.

CINNOX has a comprehensive security and authentication policy which covers all aspects of the organisation, internal/external communication, and operating systems. All customers and users of the CINNOX service agree to our security policy upon registration and this is a binding and enforceable agreement.

CINNOX is fully GDPR, ISO 27001 and ISO9001 compliant.

We constantly ensure the highest security standards are implemented and maintained across every aspect of our business. Nothing is more important than the security of our customers. We guarantee the CINNOX service is always fully compliant with our security standards.

CINNOX has a strong Privacy Policy to make sure all data is kept confidential. Just like our security policy, our privacy policy is agreed by all users upon registration and is a binding agreement.

All data is encrypted with a high-security standard (AES-256). 1 -1 video and voice calls are fully secured with end-to-end encryption, except recorded calls. Recorded communication is encrypted and protected with a separate encryption standard.

Instant messages are encrypted and secure with traffic protection, as CINNOX uses a web socket over TLS/1.3 for secure messaging. All user profiles and messages are secured inside our database, and our Vault manages encryption keys.

Data is stored using a hybrid cloud model. We use different cloud platforms and closely follow the best practices from ISO 27018 and NIST 800-144 to ensure all security configurations are correctly implemented.

CINNOX owns 3 cloud storage locations, and we also use the public cloud across the globe, which will extend to over 20 locations in the next few years.

Our cloud service providers are fully compliant with ISO 27018 and GDPR.

OpenLDAP is used for the role and permission management; all CINNOX API and data access are checked against the Role of the users to ensure their actions are authorised. CINNOX also runs independent audit logging to keep track of user footprints and ensure no unauthorised access to your data.

All connections are secured by HTTPS (TLS v1.3). On top of this, Expect-CT (Certificate Transparency) is used to protect against man-in-the-middle attacks.

CINNOX has adopted all standards of firewall. To ensure calls are working normally, customers need to allow UDP 10000-50000 (DTLS-SRTP) and HTTPS (443/TCP). CINNOX also provides an easy way to integrate with corporate firewalls through TURN protocol.

CINNOX offers 24/7 support. Report incidents to our support team at [email protected] or through the CINNOX online support.

We can review and analyse firewall logs, audit trails, and real-time system status/monitoring in a potential security incident. CINNOX also supports CEF logs for integration with SIEM solutions.

All data is backed up daily with fully compliant encryption standards. CINNOX uses multi-location – pairs support. Even if one location is down, your data will still be available from another location instantly.

Yes, our connections are protected with TLS/1.3 encryption, which is the latest and fastest industry standard for communication encryption and protection.

Yes. All sensitive credit card data are protected in a dedicated zone according to PCI DSS requirements.