Cleo applies industry-leading cybersecurity practices to ensure charging system resilience and protect user data privacy.
Cybersecurity: Cleo Keeps Your Charging Secure
Data Security
Enjoy Smart, Risk-Free Charging
At Cleo, security starts with exemplary governance. As a former Hydro-Quebec subsidiary, we built our corporate culture on some of the highest ethical and regulatory standards in the industry.
As EV fleets become increasingly connected, cybersecurity is now a strategic priority. Every charging point can be a potential entry for cyberattacks that could disrupt your operations. Cleo integrates advanced security mechanisms to protect infrastructure from intrusions, secure data exchanges, and ensure the confidentiality of sensitive information.
The renewal of our SOC 2 Type 1 certification in 2025 reaffirms our ongoing commitment to maintaining strict standards of integrity, security, and data confidentiality. Our clients enjoy peace of mind knowing Cleo never compromises when it comes to protecting their valuable data.
Stéphane Bélair, Vice-President, Product
Compliance Certification
SOC 2 Type 1
The SOC 2 audit standard is designed to protect client data against cyber threats, unauthorized access, and privacy breaches. It provides assurance regarding the services delivered, as well as the daily management and protection of our clients’ data.
The renewal of our certification reflects our commitment to enhancing transparency and maintaining the highest security standards throughout Cleo’s operations and development.
Communication Protocol
Open Charge Point Protocol (OCPP)
OCPP is an open standard communication protocol that enables EV charging stations to connect with a centralized management system. Cleo ensures encrypted, reliable communication between your vehicles, OCPP-compliant chargers, and our platform.
- Supports OCPP 1.6 (minimum)
- Security Profile Level 2
- Includes channel encryption, certificate verification, and password protection
Equipment Security
Access Rights Management
Cleo integrates advanced features to strengthen the security of your infrastructure and data, whether it’s access to your Cleo account or on-site charging stations.
- Single Sign-On (SSO) for simplified and secure user access control
- Role-based user permissions to manage data access within the platform
- Automatic vehicle identification for charging access via Level 2 and Level 3 DC fast chargers (BRCC)
- Secure RFID card access for charging based on operational context
Personal Data Protection
Compliance with Law 25 (Québec)
Law 25 is a Québec regulation designed to strengthen the protection of citizens’ personal data. It requires businesses to be transparent about how they collect, use, and safeguard customer and supplier information.
- Privacy policy detailing data types collected, protection measures, and retention periods
- Prior consent required before collecting personal data
- Encryption, anonymization, or destruction of sensitive information
Ecosystem
Partners Aligned with Our Standards
Security is a shared responsibility. Cleo ensures that its partners and suppliers meet the same stringent security requirements we uphold.
- SOC 2 certification required for technology partners
- Alignment with our security and data management practices
- Joint commitment to end-to-end secure charging
Beyond Cybersecurity
Even More Benefits for Your Fleet
Explore Cleo’s complete offering, including smart charging management, advanced energy optimization, and monetization of your energy transition.