Stack overview
SaaS on PaaS.
The clixifix® platform uses cutting edge technology with world class security which offers our users reliable, scalable cloud computing services.
Our agile approach to software development enables the in-house clixifix® development team to spend their time building and deploying features and applications that immediately start producing value for the clixifix® community.
At clixifix® we encourage our developers to learn and innovate in a way which benefits not just our users, but the company as a whole
Security
clixifix® ensures enterprise-grade security with features and comprehensive audits of networks, systems and regulatory compliances. The clixifix® platform uses world class infrastructure such as Heroku and AWS.
Privacy
Reliability
Compliance
At clixifix LTD, our primary operation is the management, development and support of our software as a solution application.
This software application was specifically written to provide a collaborative platform for our clients to effectively manage their Customer care activities in the housebuilding construction sector.
Privacy Policy here;
Security
The clixifix® web application is hosted on Heroku. Heroku see https://www.heroku.com/about owned by Salesforce, see https://www.salesforce.com/uk/products/platform/products/heroku/ sits on top of Amazon’s infrastructure.
Security;
clixifix® is currently working towards the ISO 27001 accreditation.
We are accredited to Cyber Essentials +
Also -Heroku state in https://www.heroku.com/policy/security that :
“Heroku’s physical infrastructure is hosted and managed within Amazon’s secure
data centers and utilize the Amazon Web Service (AWS) technology.
Amazon continually manages risk and undergoes recurring assessments to ensure
compliance with industry standards. ‘’
Amazon’s data center operations have been accredited under:
* ISO 27001
* SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
* PCI Level 1
* FISMA Moderate
* Sarbanes Oxley (SOX)”
Also see http://aws.amazon.com/compliance/ for further information.
AWS Region and Endpoint location.
To reduce data latency in our application, Amazon Web Services offer a regional endpoint to make our requests.
Current Region and Endpoints is EU (Ireland) eu-west-1 -located in Dublin.
Our postgres and S3 data is at rest in this location.
We take reasonable endeavours to ensure that any third parties provide an adequate level of protection in relation to any data transfers outside this region when the data is not at rest.
Business Continuity.
clixifix® does not carry the ISO 25999 certification.
clixifix® is hosted on Heroku’s cloud platform based on Amazon’s hardware and data centres. clixifix® runs inside many Heroku dynos -isolated, virtualised Unix containers.
Dynos are constantly monitored and in the event of a system crash the application will be automatically restarted elsewhere in the infrastructure.
Additionally, extra dynos can be started as required to handle increased application load.
The database is based on postgres.
Continuous Protection Systems
We maintain point in time recovery of critical production databases for 7 days.
This system uses the WAL to give us atomic level recovery options.
Scheduled Logical Backups
The automated system will generate backups according to the schedule above without intervention.
We have a Data Review Board that meets on the 1st week of every month to review retained data.
Additionally, Heroku perform continuous protection by creating a base physical backup and using write ahead log (WAL) files to allow for replay of data in case of an outage –
see https://devcenter.heroku.com/articles/heroku-postgres-data-safety-and-continuous-protection.
Files are stored in Amazon S3.
S3 “redundantly stores data in multiple facilities and on multiple devices within each facility”
-see http://aws.amazon.com/s3/details/#durabilityfor details.
Lastly, all interactions with the application from requesting a web page, uploading a file is logged and these logs are monitored.
All of the above is in place to reduce the risk of a disaster and to ensure that business does continue.
To provide further resilience, we are currently reviewing the implementation of a:
* 2nd copy of the application in a physically separate hosting application such as Azure or similar.
* Database follower in a physically separate Amazon zone or alternative hosting environment.
System that is completely separate from Amazon/Heroku but is in sync.
Data Security.
Our license agreement states the following:
“We shall process any personal data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments.”
“We shall take appropriate technical and organisational measures against the unauthorised or unlawful processing of personal data and against the accidental loss or destruction of, or damage to, personal data to ensure our compliance with the seventh data protection principle.
”You are responsible for Your Customers’ use of the Services and ensuring that you have appropriate terms and policies in place with Your Customers detailing how they may use the Services and how their Personal Data may be processed by you (and by us on your behalf).”
Data Return procedures.
On request we will provide data in zip folder containing the data in excel format for the Scheme / Contract / Plot / contacts/ Tickets / Inspection and associated commentary.
We can also provide all supporting media files in the format they were provided / uploaded by separate request.
Our licence agreement states:
”We may destroy or otherwise dispose of any of your data in our possession unless we receive, with your notice to terminate, or where we terminate, prior to the end of the Trial Period or the current contract period, a written request for the delivery to you of the then most recent back-up of your data. We shall use reasonable commercial endeavours to deliver any back up to you within 28 days of receipt of such a written request, provided that you have, at that time, paid all fees and charges outstanding at and resulting from termination.
You shall pay all reasonable expenses incurred by us in returning or disposing of your data ”
Salesforce
Salesforce is a cloud computing service as a software (SaaS) company that specialises in customer relationship management (CRM).
clixifix® have integrated existing accounts with their incumbent Salesforce accounts to send and receive data between the two applications; via powerful ready-made components.
Contact builder
ContactBuilder is a hosted electronic lead capture and evaluation system built specifically for UK housebuilders. Our clixifix® / Contact Builder integration allows our clients to send data between from their contact-builder database to their clixifix® account. clixifix® can handle data integrations with Contact Builder via powerful ready-made components.
CSV Gateway
We can process data exports from your incumbent system to import to the clixifix® platform. Data mapping and integration is seamless and handled by our expert team.
We have numerous successful case studies of data migrations in various formats from legacy systems. Consultation on legacy data format and testing is managed as a separate project.
Bespoke integration
We can process data exports from your incumbent system to import to the clixifix® platform. Data mapping and integration are seamless and handled by our expert team. We have numerous successful case studies of data migrations in various formats from legacy systems. Consultation on legacy data format and testing is managed as a separate project
Zoopla
Follow the right path. Reservation, sales progression and aftercare all in one seamless user journey. Why end a flawless process at the point of exchange with Zoopla for Housebuilders previously Yourkeys when you can continue a seamless customer journey far after completion takes place? Give clients full assurance and make them feel valued from start to finish by also giving them complete control of any post-completion snags with clixifix
API
What is the API for?
The clixifix® API is a service that allows you to automate sharing data between clixifix® and other systems. You can use it to create custom dashboards and alerts, or to transfer data about plots, defects etc between clixifix® and other computer systems.
The API is designed to work server-to-server between businesses, and should not be used to directly automate user actions via a browser connection to the API. It is OK however, to link the browser to your own servers and have your intranet or web server use the clixifix® API to perform the same kind of automation.
Steps to start using the API
1. Request a new Client Application
Access to the API is made by logging into it as a Client Application.
Each Client Application is specific to your account. At a later date clixifix® hope to give you control to create and manage your list of applications on a link from this page. For now, you should request that a new Client Application is set up from clixifix® support email, and they will send you access credentials. In your request, please say what you would like the application to be called (this may appear as the name of who managed data if your application writes and records), and roughly what the purpose is so the support team can choose which parts of the API should be available.
We recommend that you have one Client Application set up per use case that you want to automate. This will help with security (you can limit each application to have minimum rights to perform its task), plus allow you to build different instances separately.
2. Share developer documentation with your development team
Developer documentation is available via the link on top left. It does not require login at clixifix® to access, so you can share the link URLs with your development team without needing to set up user details for them.
3. Start development on a test system
As part of setting up the API for you, clixifix® will also create a sandbox account on a different server and send you access details for both the Client Application and an account admin user for it. This sandbox account is specific to you and your company, and does not share data with your real account. This will allow your development team to test out code before using it for real. On the sandbox account, you may wish to set up one or more of your developers as administrators, so they can work with the clixifix® web application to set up test scenarios.
4. Deploy your new integration
Any deployment of your API client will be on your own servers, and will use clixifix® API on your production account.
Your own development team will be able to advise you on the process for this stage.
Security notes
The Client Application login needs to be made securely from a server that you own, the API does not support direct logins from client devices or browsers.
The Client Application credentials are called client_id and secret and are similar to a username and password. The secret value must be kept securely by you. Anyone with access to the client_id and secret can use them to log in and use the API with access to data under your account.
Each Client Application may access different categories of data by requesting different scopes when logging in. clixifix® recommend that each application is defined to use the minimum possible scopes required to perform its task.
Developer enquiry