Security & Compliance

Last Updated: January 15, 2026

Enterprise-grade security, architected for privacy. Data Migration Tools is part of the ClonePartner ecosystem. We bring the rigorous standards of our enterprise consulting practice—SOC 2 Type II, ISO 27001, and HIPAA compliance—to these self-serve utilities.

1. Our Security Philosophy: “Client-Side First”

We believe the safest place for your data is on your own device.

  • Browser-Based Processing: The majority of our tools (validators, formatters, and simple converters) are architected to run entirely within your web browser using JavaScript. In these scenarios, your data files are never transmitted over the internet and never touch our servers.
  • Zero-Persistence: We do not store your data. We do not “look” at your data. We do not use your data to train AI models.

2. Ephemeral Server-Side Processing

For complex operations that require server-side computing power (e.g., large-scale schema conversions), we utilize an Ephemeral Processing Architecture:

  1. Secure Transmission: Data is uploaded via an encrypted tunnel (TLS 1.2+).
  2. Volatile Processing: Data is processed in volatile memory (RAM), not written to persistent storage.
  3. Immediate Purge: Once the conversion output is returned to you, the input and output data are cryptographically scrubbed from memory.
  4. No Backups: Because we do not store your uploaded files, they are never included in our system backups or archives.

3. Compliance & Certifications

As a product of Yin Yang Inc. d/b/a ClonePartner, our infrastructure adheres to the following independently audited frameworks:

  • SOC 2 Type II: We maintain active SOC 2 Type II compliance, verifying our controls for Security, Availability, and Confidentiality.
  • ISO 27001: Our Information Security Management System (ISMS) is ISO 27001 certified, ensuring global best practices in risk management.
  • HIPAA: Our systems are designed to handle PHI (Protected Health Information) securely, making these tools suitable for healthcare data preparation.
  • GDPR & CCPA: We fully comply with EU and California data privacy regulations. Read our Privacy Policy.

4. Infrastructure Security

Even though we don’t store your files, the platform itself is hardened to enterprise standards:

  • Encryption in Transit: All web traffic is served over HTTPS using TLS 1.2 or higher. We employ HSTS (HTTP Strict Transport Security) to force secure connections.
  • Vulnerability Scanning: We perform regular automated vulnerability scans and third-party penetration testing on our application infrastructure.
  • Access Control: Our internal administrative access follows the Principle of Least Privilege. No employee has access to user data streams during processing.

5. Reporting Security Issues

We value the contributions of the security research community. If you believe you have found a vulnerability in any of our tools, please report it to us immediately.

Contact Our Security Team:

  • Email: security@clonepartner.com
  • PGP Key: Available upon request.