Security and Authentication

What kind of security measures does CINNOX have in place?

CINNOX has implemented several security measures to protect customer data, including AES encryption, multi-factor authentication, access controls, and various policies and procedures. CINNOX also complies with several industry standards, such as ISO 27001 and GDPR.

Is my data encrypted when it's stored on CINNOX's servers?

Yes, all data on CINNOX's servers is encrypted with AES encryption before it's saved to the database.

What is CINNOX's encryption implementation?

CINNOX uses client-side, data-in-transit, and server-side encryption to protect data at all levels of transmission and storage. This includes isolation security measures on mobile devices, HTTP/S encryption with TLS 1.3, and hardware and application encryption. Certificate Transparency is also employed for added Security in certificate management. For more information, please refer to our Security and Authentication page in our User Guide.

Does CINNOX use public clouds for its services?

Yes, CINNOX uses multiple public clouds, including AWS and Alicloud, to ensure better service. Data is stored locally, and site replication is in place to ensure adequate redundancy and availability.

Does CINNOX have a shared security responsibility with its customers?

Yes, security and compliance are a shared responsibility between "You" as a Customer and "Us" as the SaaS provider. CINNOX is responsible for protecting the infrastructure, including data, software, hardware, networking, and facilities that run in the service. Customers are responsible for configuring the features adopted and deployed.

What kind of policies does CINNOX have in place to protect sensitive information?

CINNOX has implemented several policies and procedures to help protect sensitive information, including restricting access to sensitive database credentials, using a built-in policy and password manager to generate temporal credentials, requiring employees to sign confidentiality agreements, and having a mandatory leave policy for key personnel.

Does CINNOX undergo security testing?

Yes, CINNOX performs penetration tests annually by security companies and hackers to help assess its security measures. CINNOX also perform vulnerability scans on the PoP sites daily to ensure new deployments or libraries are secure and not susceptible to exploits or attacks.

How do I change my CINNOX password?

To change your password, go to My Account on the navigation menu and click the Edit button. Click the pencil icon on the rightmost side of the Password section to change your password.

You can reset your password at the CINNOX login page by clicking Forgot Password.

I have forgotten my CINNOX login email and password. How can I recover it?

To recover your CINNOX login credentials, don't hesitate to get in touch with your Staff Administrator.

How can I find my password if I forget or lose it?

You can reset your password at the CINNOX login page by clicking Forgot Password.

Can I use the same email address for more than one CINNOX account?

Yes, you can have more than one Account associated with one email address (even if it's for a different plan, company, or Role - such as admin or agent).

You will use the same email and password to login into both accounts. Log in to your registered domain link on a Chrome or Safari browser. On mobile, enter your subdomain and domain name when logging on.
Suppose you signed up for a CINNOX account and set a password. In that case, it will automatically update the password associated with your email address across your accounts.

How can I log in to my Account if I have two accounts under the same email address?

Each business or organisation using CINNOX has a unique registered subdomain (usually your company name). This was defined when your Account was created and consists of the domain name cinnox.com or cinnox.cn.

To sign in to your CINNOX account, type the subdomain and domain name into a browser or CINNOX App, i.e.:

  • Subdomain (URL): abc-company.cinnox.com
  • Your Subdomain: abc-company
  • Domain Name: cinnox.com

Then, log in with your email and password as usual.

Will my login credentials be safe if a third party registers a new account with my email address?

Yes! There is an email verification process for every user. Suppose someone attempts to register a new CINNOX account with your email address. In that case, email verification is sent to your email inbox. Only you or those authorised to access your email account can verify the new CINNOX registration.

Can I set up additional password policies to protect our users' credentials?

Yes, you can. Go to Administration > Security > Service Authentication, then click on Staff Password Policies to set up and enable additional policies, like preventing Staff members from reusing a set number of passwords, setting passwords to expire after a specific number of days, or automatically locking a staff account after several failed login attempts.

Is it possible to block specific visitor IP addresses from my end?

Yes, you can. Go to Administration > Security > Service Authentication, then click on Visitor Number & IP Blocklist/Allowlist to add IP addresses to your Visitor Blocklist. For more information, please refer to our User Guide.

Is it possible to block visitor phone numbers from my end?

Yes, it is. Go to Administration > Security > Service Authentication, then click on Visitor Number & IP Blocklist/Allowlist to add phone numbers to your Visitor Blocklist. For more information, please refer to our User Guide.

Is there a feature blocking Staff members from logging in to CINNOX using untrusted IP addresses?

Yes. CINNOX has the Staff IP Login List security feature that limits staff members from logging in to CINNOX. Staff Administrators can create a list of trusted IP addresses that staff members can use to log in to CINNOX.

Can I control the Caller ID and SMS Sender ID to be used by the agents?

Yes. CINNOX has the Staff Number Allowlist security feature, limiting what phone numbers staff members can use as their Caller IDs or SMS Sender IDs.

Does CINNOX have authentication security?

Yes, you can enable two-factor authentication (2FA) as an added layer of protection to your Account.

Is it required to use two-factor authentication (2FA) on CINNOX?

No, it's not a requirement. However, we do recommend you turn on 2FA for all your accounts. Staff Administrators can turn on Staff Two-Factor Authentication, which requires all staff members to enable two-factor authentication (2FA) when signing in to their CINNOX account. Go to Administration > Security > Service Authentication to enable this setting.

What is third-party authentication?

Third-Party Authentication is a CINNOX feature that allows you to log in to CINNOX using an alternative method, such as your company network login credentials.

What protocol or service do you use for third-party authentication?

CINNOX uses OAuth Service to authenticate and authorise third-party tools or components such as Microsoft Active Directory (AD).

How do I enable third-party authentication?

As an administrator, from your CINNOX Dashboard, go to Administration > Service Authentication > Third-Party Authentication and configure service-level authentication.

As a Staff member from your CINNOX Dashboard or App, activate Third-Party Authentication by entering your network login credentials.

Can I archive our data on CINNOX to our local server?

Yes, CINNOX does support Data Retention, which lets Staff Administrators access, archive, and transfer data to a server outside the CINNOX system. For more information about this feature, please contact one of our experts.

What is Data Retention Portal?

The CINNOX Data Retention Portal is a microsite that lets you access your retained data.

What is the difference between the online and offline modes in CINNOX's Data Retention feature?

The online mode refers to the backup data that is transferred to your SFTP server and synced to your MongoDB. View the data through the CINNOX Retention Portal.

The offline mode refers to the backup data transferred to your SFTP server and viewed in a raw JSON format. It does not use a portal site to access the retained data.

How do I configure the Data Retention?

To configure the Data Retention Portal, from the navigation menu, go to Administration > Security > Retention, then fill out the required details.

Who can access the Data Retention Portal?

The first Staff administrator of your CINNOX service account will have access to the Data Retention Portal by default. The administrator can then provide access to other Staff administrators by activating their respective accounts in the portal and providing their access permissions to all or select account-related information.

As a staff administrator or agent, can I delete call logs and chat history in the chatroom?

No, call logs and chat history will remain in the chatroom following your subscription report history entitlement. But you can archive your data, such as call logs, chat history, contacts and others, using our Data Retention feature.

For more information about this feature, please get in touch with our Sales Team.

Is there an audit log/trail on CINNOX?

Yes, there is. CINNOX has an Audit Log feature that records all the activities and changes made by staff members to certain features or "elements" inside your CINNOX account.

Does the CINNOX App have a passcode lock or biometric authentication?

Yes, it does.

How can I enable the passcode lock or biometrics in the CINNOX App?

To enable the passcode lock or biometrics in your CINNOX App, go to My Account > Settings > Passcode and Biometrics from the menu ta. Then follow the instructions you will be provided.

Note that if you plan on using biometrics, you still need to set up a passcode.

Are CINNOX's passcode and biometrics different from the one I'm using to unlock my phone?

The passcode in CINNOX may differ from the one you use to unlock your mobile device.

What happens if I forget my passcode?

If you forget your passcode and have reached the maximum of six (6) unlock attempts, the CINNOX App will log you out. You have to re-enter your account credentials.

What is the security policy for CINNOX services?

CINNOX has a comprehensive security and authentication policy which covers all aspects of the organisation, internal/external communication, and operating systems. All customers and users of the CINNOX service agree to our security policy upon registration, which is a binding and enforceable agreement.

What security standards does CINNOX maintain to protect customer data from unauthorised use, access, disclosure, theft, or manipulation?

CINNOX is fully GDPR, ISO 27001 and ISO 9001 compliant.

We constantly ensure the highest security standards are implemented and maintained across every aspect of our business. Nothing is more important than the security of our customers. We guarantee the CINNOX service is always fully compliant with our security standards.

How does CINNOX maintain the confidentiality of customer data and contractually commit to these obligations?

CINNOX has a strong Privacy Policy to keep all data confidential. Just like our security policy, our privacy policy is agreed upon by all users upon registration and is a binding agreement.

All data is encrypted with a high-security standard (AES-256). 1 -1 video and voice calls are fully secured with end-to-end encryption, except recorded calls. Recorded communication is encrypted and protected with a separate encryption standard.

Instant messages are encrypted and secure with traffic protection, as CINNOX uses a web socket over TLS/1.3 for secure messaging. All user profiles and messages are secured inside our database, and our Vault manages encryption keys.

How do you control data accessibility?

OpenLDAP is used for the Role and permission management; all CINNOX API and data access are checked against the Role of the users to ensure their actions are authorised. CINNOX also runs independent audit logging to keep track of user footprints and ensure no unauthorised access to your data.

How do you protect my data in transit?

All connections are secured by HTTPS (TLS v1.3). On top of this, Expect-CT (Certificate Transparency) protects against man-in-the-middle attacks.

Which firewall does CINNOX adopt?

CINNOX has adopted all standards firewall. Customers must allow UDP 10000-50000 (DTLS-SRTP) and HTTPS (443/TCP) to ensure calls work normally. CINNOX also provides an easy way to integrate with corporate firewalls through the TURN protocol.

How can I report a security incident? Do you have any official flow and process?

CINNOX offers 24/7 support. Report incidents to our support team at [email protected] or through CINNOX online support.

We can review and analyse firewall logs, audit trails, and real-time system status/monitoring in a potential security incident. CINNOX also supports CEF logs for integration with SIEM solutions.

What is your backup and recovery policy?

All data is backed up daily with fully compliant encryption standards. CINNOX uses multi-location pairs support. Even if one location is down, your data will instantly be available from another.

Does CINNOX use a secure encryption protocol and protection for data transmission between our network and your system over the Internet?

Yes, our connections are protected with TLS/1.3 encryption, the latest and fastest industry standard for communication encryption and protection. 458