Network ports:
Clevertouch Android Operating System - Over-the-air updates
Android 13 and above:
| FQDN | IP | Protocol | port | Usage |
| ota.ifpserver.com | 20.106.104.54 20.113.10.179 | HTTP | 80/443 | To detect OTA updates |
| usa-cstore-pri.ifpserver.com | 35.244.155.145 | HTTP | 80/443 | Download FW from server |
Android 11 and below:
| FQDN | IP | Protocol | port | Usage |
| iwbota.com | 20.106.104.54 20.113.10.179 | HTTP | 80/443 | To detect OTA updates |
| ota-static-us.seewo.com | 34.160.7.123 | HTTP | 80/443 | Download FW from server |
Clevertouch NTP Server - For keeping time and date in sync
- Server Hostname - 2.android.pool.ntp.org
Clevertouch AI
Server Hostname
- Microsoft cloud model: varies depending on the language prefix, so a wildcard * is used at the beginning.
- *.stt.speech.microsoft.com
- AI backend services
| Port | Protocol | Notes |
| 6060 | TCP | AI underlying service |
| 6061 | TCP | AI file transfer service |
| 60601 | TCP | AI ASR service |
Cleverlive - Digital signage application
Please make sure that ports 80 and 443 can reach:
- 87.106.215.81 (new)
- 85.215.121.86
- 217.160.168.158
- www.cleverlive.com
- live.cleverlive.com
For older devices and Windows devices, the above is in addition to keeping these (temporarily) whitelisted
- 87.106.215.81
- www.sedaolive.com
- live.sedaolive.com
until your players have been automatically upgraded or you are contacted by us with details of how to manually upgrade your players to the latest software.
Lynx - Whiteboard application and CleverLive Room Booking
- Server Hostname
- *.lynxcloud.app
- api.lynxcloud.app
TCP Ports: 80 (HTTP) & 443 (HTTPS)
Clevershare - Sharing application
- Activation servers:
- https://linkmsg.bytello.com (based in the U.S)
- https://license.bytello.com (based in the U.S)
- Update servers:
- http://iwbota.com (based in the U.S)
- https://api.bytello.com (based in the U.S)
- Software usage:
- http://friday-sg.bytello.com (based in Singapore)
- https://share-server.bytello.com (based in the U.S)
- mc-awsgp.bytello.com (based in the U.S)
- https://static.bytello.com/bytelloshare/licenses/terms_service.html (based in the U.S)
- https://static.bytello.com/bytelloshare/licenses/privacy_policy_service_server.html (based in the U.S)
- https://static.bytello.com/bytelloshare/licenses/user_experience_service.html (based in the U.S)
- Clevershare Webcast - Android 13 and above only - Wildcard * is used at the beginning.
- *.bytello.com
- *.clevetouch.com
- 20.212.88.141
- 20.106.104.54
- *.r302.cc
- 114.230.95.180
- 103.235.136.123
| Port | Protocol | Notes |
| 80 | TCP | Browser Image and Audio Sharing |
| 443 | TCP | Browser Image and Audio Sharing |
- Clevershare application:
| Port | Protocol | Notes |
| 7385,29736,2067,39458/TCP | SSP | The application will try to open one of the four ports individually; if one is opened successfully, the rest will not. |
| 49200 - 49250/TCP | SSP | The application will use the first available port starting from 49200 |
| 49300 - 49350/UDP | SSP | The application will use the first available port starting from 49300 |
| 1024 - 65535/TCP | SSP | Only required for versions before V5.6 for the touch-back function |
- Airplay Protocol:
| Port | Protocol | Notes |
| 5353/UDP | MDNS/Bonjour | |
| 5000 - 7000/TCP | Airplay | |
| Random | TCP | Video |
| Random | UDP | Audio |
- Miracast Protocol:
| Port | Protocol | Notes |
| 21200,21201/UDP | RTP + RTCP | |
| 7236/UDP & TCP | MiraCast | |
- Chromecast Protocol:
| Port | Protocol | Notes |
| 5353/UDP | MDNS | |
| 8008/TCP | WebSocket | |
| 8009/TCP | Chromecast | |
| 49400 - 49459/UDP | RTP + RTCP | |
MDM - Mobile Device Management application
There are two areas to consider for the network requirements:
- Browser Side = MDM web portal that the Agent Side communicates to.
- Clevertouch Android Agent = The service running on the Clevertouch Android Module, which communicates to the Browser Side.
User access to the web browser
- MDM Application Server: https://clevertouch.glbth.com
- https://*.glbth.com (Port: 443 & dynamic IP)
- Location resolve by IP service: https://pro.ip-api.com
- Open Street Map: https://*.tile.openstreetmap.org
- Online chat: https://static-v.tawk.to
- Streaming protocol servers to support the “Remote” function: WebRTC over UDP *.glbth.com (Port: 443 & dynamic IP)
52.11.103.125
34.240.200.142 - UDP ports range: 30100-40000
Clevertouch display Android agent:
- MDM Application Server: https://clevertouch.glbth.com
- https://*.glbth.com (Port: 443 & dynamic IP)
- Streaming protocol servers: https://*.glbth.com (Port: 443 & dynamic IP)
- Push notification system: primary: Port 443 to clevertouch.glbth.com or preferably *.glbth.com
- Secondary: Should the primary fail or be too slow, it uses Google's Firebase Cloud Messaging (FCM); for completeness of setup, please read the following and allow the three ports to all public IPs or just the Google ASN range listed below.
The ports to open are 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230.
Google ASN:
- 104.132.0.0/23
- 104.132.11.0/24
- 104.132.141.0/24
- 104.132.34.0/24
- 104.132.5.0/24
- 104.132.51.0/24
- 104.132.7.0/24
- 104.132.8.0/24
- 104.133.0.0/24
- 104.133.2.0/23
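One way to audit egress logs against the MDM agent requirements above, as an added example that is not Clevertouch's own tooling. It assumes a constructed log format (protocol, destination IP, port, DNS/SNI name) and reads the UDP 30100-40000 range as applying to both streaming server IPs; the rule names are hypothetical.

```python
import ipaddress

# Google ranges for the FCM fallback, copied from the list on this page.
GOOGLE_NETS = ["104.132.0.0/23", "104.132.11.0/24", "104.132.141.0/24",
               "104.132.34.0/24", "104.132.5.0/24", "104.132.51.0/24",
               "104.132.7.0/24", "104.132.8.0/24", "104.133.0.0/24",
               "104.133.2.0/23"]
# (name, protocol, first port, last port, host patterns, networks)
# Assumption: the UDP 30100-40000 range applies to both streaming IPs.
RULES = [
    ("mdm-https", "tcp", 443, 443, ["*.glbth.com"], []),
    ("mdm-webrtc", "udp", 30100, 40000, [], ["52.11.103.125/32", "34.240.200.142/32"]),
    ("fcm-fallback", "tcp", 5228, 5230, [], GOOGLE_NETS),
]

def host_matches(pattern, host):
    """Match an allowlist entry; a leading '*.' covers subdomains only."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".glbth.com" rejects the apex and "evilglbth.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def classify(proto, dst_ip, dst_port, name):
    """Return the name of the rule that permits this flow, or None."""
    ip = ipaddress.ip_address(dst_ip)
    for rule, rproto, lo, hi, hosts, nets in RULES:
        if proto != rproto or not lo <= dst_port <= hi:
            continue
        if (any(host_matches(p, name) for p in hosts)
                or any(ip in ipaddress.ip_network(n) for n in nets)):
            return rule
    return None

def audit(log_lines):
    """Return the flows that no rule permits (candidates for review)."""
    flagged = []
    for line in log_lines:
        proto, dst_ip, port, name = line.split()
        if classify(proto, dst_ip, int(port), name) is None:
            flagged.append(line)
    return flagged

# Constructed flow records: protocol, destination IP, port, DNS/SNI name.
SAMPLE = [
    "tcp 203.0.113.10 443 clevertouch.glbth.com",
    "tcp 203.0.113.10 443 evilglbth.com",
    "udp 52.11.103.125 40001 -",
    "tcp 104.132.34.17 5228 -",
]
```

Because *.glbth.com resolves to dynamic IPs, the HTTPS rule can only be checked where the log carries the DNS or SNI name, for example on a proxy or a DNS-aware firewall.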
CleverLive & Clevertouch Security and Privacy
Clevertouch provides digital signage solutions for every business sector, from primary schools and small businesses to universities and major corporations.
The digital signage requirements of such a large user base are varied, as are the security concerns when adding Media Players (or any third-party device) to a customer network.
There are many solutions to potential security concerns:
- Most secure but least recommended: A stand-alone system not connected to the customer’s network.
While effective, this removes the key advantage of updating sales or communication messages across the business instantly.
Clevertouch solutions are built on the Microsoft Windows operating system, allowing them to:
- Be easily added to networks using standard procedures.
- Connect automatically using DHCP in most networks.
- Allow network administrators to apply standard security policies (e.g., adding the player to a domain).
➔ Important: Admins must follow Clevertouch's recommended procedures to ensure 24/7 signage operation (e.g., disabling screen savers or auto-sleep functions).
- Be added to VLANs, WANs, connected over VPNs, or configured per IT team preferences.
CleverLive Advantages
Advantages of using a CleverLive cloud-connected digital signage system:
- Ease of use
- Simple scalability to larger networks
- Management across multiple geographic sites
- Clevertouch-managed maintenance
- Automated software updates
- Global access
The very low cost of controlling a network via CleverLive means the only reason not to use it would be specific security concerns around cloud-based solutions.
CleverLive Methodology
The widespread adoption of cloud services (e.g., Office 365, Dropbox, OneDrive, Salesforce) shows that well-designed cloud solutions are trusted for business data.
CleverLive works similarly:
- Upload digital signage channels, images, and messages to CleverLive.
- Clevertouch players connect to your CleverLive account and download the uploaded content.
- Log in to your CleverLive control panel to assign content to specific screens.
Simple, reliable, and efficient.
Account Security Settings
IP Whitelisting
CleverLive supports IP whitelisting to lock account access to specified IP addresses.
Even users with valid credentials cannot log in unless accessing from an approved device.
Multi-Factor Authentication (MFA / 2FA)
CleverLive supports multiple security levels:
- Level 1: Username + password
- Level 2: Username + password + IP address locking
- Level 3: Username + password + MFA
- Level 4: Username + password + MFA + IP address locking
Player Connectivity & Content Download Security
Each player:
- Stores downloaded content locally (no constant streaming needed).
- Continues operating even if the internet fails (no new updates during outages).
Secure connection process:
- Players use 2048-bit SSL encryption for communication.
- On first connection, a unique 8-digit PIN is generated and exchanged for an OAuth 2.0 authentication token.
- After token creation, the PIN is deleted permanently.
- All communications validate the OAuth token.
- No unsolicited inbound internet connections — players initiate all communications.
- Long-polling allows real-time status updates and almost instantaneous player reactions.
If a player is removed from an account, the token is invalidated immediately.
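The pairing flow described above, modelled as an added example; this is not CleverLive's code. The class and method names are hypothetical, the token is an opaque bearer string rather than a full OAuth 2.0 exchange, and deleting the PIN on a failed attempt and storing only a hash of the token are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

class PairingServer:
    """Toy model: PIN exchanged for a token, PIN deleted, token revocable."""

    def __init__(self):
        self.pending = {}  # player_id -> PIN awaiting exchange
        self.tokens = {}   # player_id -> SHA-256 digest of the issued token

    def start_pairing(self, player_id):
        pin = f"{secrets.randbelow(10**8):08d}"  # 8 digits from a CSPRNG
        self.pending[player_id] = pin
        return pin

    def exchange(self, player_id, pin):
        # Assumption: the PIN is removed on any attempt, so it cannot be
        # replayed after success or guessed repeatedly after a failure.
        expected = self.pending.pop(player_id, None)
        if expected is None or not hmac.compare_digest(expected, pin):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[player_id] = hashlib.sha256(token.encode()).hexdigest()
        return token

    def validate(self, player_id, token):
        # Called on every request: compare digests in constant time.
        stored = self.tokens.get(player_id)
        digest = hashlib.sha256(token.encode()).hexdigest()
        return stored is not None and hmac.compare_digest(stored, digest)

    def remove_player(self, player_id):
        # Removing the player invalidates its token immediately.
        self.tokens.pop(player_id, None)
        self.pending.pop(player_id, None)

def demo():
    server = PairingServer()
    pin = server.start_pairing("player-1")      # constructed player id
    token = server.exchange("player-1", pin)
    replay = server.exchange("player-1", pin)   # PIN is already deleted
    valid_before = server.validate("player-1", token)
    server.remove_player("player-1")
    valid_after = server.validate("player-1", token)
    return token is not None, replay, valid_before, valid_after
```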
Firewall Requirements:
Ports 80 (HTTP) and 443 (HTTPS) must be open.
Details on server IP addresses can be found here.
Additional Device Information
CM Pro
As an Android 9 device, the CM Pro supports 802.1x authentication using:
- EAP method: PEAP
- Phase 2 auth: MSCHAPv2
Live Rooms
In Live Rooms, MFA/2FA access is a privileged operation requiring admin approval — especially when booking delegates need connection rights.
User Content Upload Options
Users can upload content via:
- Web Browser (Managing network and uploading content).
- ImageFlyer Cloud Master (Clevertouch's Windows desktop application for custom signage).
Managing the Signage Network via Browser
- Users log into their CleverLive account via a secure HTTPS connection.
- All passwords are hashed — not stored in plain text.
- Strong password policies are recommended (minimum 6 characters).
- Admins can create sub-user accounts with limited privileges to avoid sharing admin credentials.
Creating & Uploading via ImageFlyer Cloud Master
- Users design custom signage zones directly on their Windows desktops.
- When publishing, all assets are securely uploaded to CleverLive using 2048-bit SSL encryption.
- First-time login uses encrypted username/password to obtain an OAuth token for future communications.
- Firewall Requirement: Open ports 80 and 443.
- Firewall and server info available here.
Note:
ImageFlyer Cloud Master does not include firewall diagnostics.
Data Storage
- All customer data is stored on dedicated servers in Germany (EU).
- Daily backups are performed, but customers must retain their own critical media backups.
- Every player also holds a copy of its assigned data as a local backup.
Privacy Considerations
Digital signage is typically not used for highly sensitive or confidential information.
- Example: A hospital may use screens to call patients into clinics, but not to display personal medical details.
- Content should be appropriate for public, office, retail, or educational spaces where displays are designed to attract attention.
CleverAI Privacy & Security FAQs
- What technology underpins Clevertouch AI? Is it based on proprietary models or does it leverage third-party AI frameworks?
Clevertouch AI employs a hybrid technology architecture, integrating industry-leading AI foundational models with our self-developed business logic layer.
- Foundational Model Layer: We integrate Microsoft Azure Speech Service for speech processing and large language models such as GPT (via Azure OpenAI) and Google Gemini to ensure the quality and intelligence of the responses.
- Application Layer: Clevertouch's self-developed middleware technology is responsible for accurately identifying and distributing user intent, ensuring service response speed and accuracy.
- Who hosts Clevertouch AI's AI services? Is the infrastructure managed by Clevertouch/Boxlight or by an external cloud service provider?
The AI service infrastructure is hosted on the Microsoft Azure cloud platform, which meets top global security standards.
- How does Clevertouch ensure GDPR compliance and overall data security?
Clevertouch has a dedicated team, comprising senior management and independent external consultants, committed to deploying recognised frameworks that ensure a compliant approach to data protection across the organisation and within software development practices. The effectiveness of these frameworks is demonstrated through Cyber Essentials certification and ISO 27001 accreditation, ensuring that personal data used within AI-enabled features is protected by robust technical and organisational controls. These controls span secure system design, controlled access, and ongoing risk management. This commitment ensures data is processed lawfully, securely, and transparently, while significantly reducing the risk of breaches or misuse. As a result, partners and customers can trust that Clevertouch’s AI innovations are built on a secure, compliant foundation that prioritises privacy, resilience, and accountability.
- Could you elaborate on data processing, storage location, and privacy protection measures?
We adhere to the design principles of "minimalist data" and "privacy first":
Data Processing Flow: Only necessary interaction data (such as voice/text queries) is encrypted and transmitted from the device to the Azure cloud gateway. After processing, the data is forwarded to the GPT or Gemini model for inference via an enterprise-grade API. This data is not used to train third-party models.
- Storage and Retention:
- No Persistent Storage: Our processing steps do not involve long-term persistent data storage.
- Temporary Caching: To maintain the contextual experience of multi-turn conversations, we temporarily cache some session data in secure memory on Azure. This cache is retained for a maximum of 14 days, after which it is automatically and completely deleted.
- Privacy Protection Measures:
- Anonymization Design: Clevertouch AI's architecture completely decouples session data from user identity (User ID), making it impossible to trace back to a specific individual through session content.
- Encrypted Transmission: All data is encrypted using the TLS 1.2+ protocol during network transmission to ensure secure data transmission.