Security Policies & Procedures
Security & Privacy at Databook
We take security and privacy seriously at Databook, and protecting customer data is a priority for us. We consider security and privacy across all aspects of the business and we are committed to creating the most robust and secure platform for our users.
Security is built into the fabric of what we do: from how we develop and build our products to how we work with customers. We are SOC 2 Type 2 certified and undergo audits annually to ensure strict adherence to today’s best practices in maintaining the security and availability of our systems and applications.
Our dedicated Privacy & Security team works with all teams across the organization to ensure Privacy by Design is embedded into how we build our products and operate our business.
Databook’s application is hosted on Amazon Web Services infrastructure. AWS’s physical infrastructure is accredited under ISO 27001:2013, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate and Sarbanes-Oxley.
Access to our infrastructure is restricted and monitored. To maintain the availability and resilience of our services, we regularly back up data, and our platform is deployed across multiple data centers.
Databook applications follow the latest security standards, including protection against the OWASP Top 10 and other security risks. Our products are developed following a secure software development life cycle. We conduct annual penetration testing using third-party testers. Access to data is limited by role-based access controls, and our multi-tenant architecture ensures the isolation of customer data. All data is encrypted at rest and in transit, in line with industry standards.
As part of our Business Continuity Plan, data is stored in redundant locations and is continuously backed up to prevent any data loss.
Security is front of mind when selecting third-party services or software. We carry out frequent scans to identify vulnerabilities and fix them in line with our vulnerability-management framework.
The Privacy & Security team keeps abreast of global privacy regulations, such as GDPR, and adapts our business to stay compliant with the ever-changing privacy landscape.
We minimize the personal data we collect and perform recurring risk assessments. We conduct due diligence reviews on subprocessors and vendors, ensuring they meet our security criteria.
Databook employees undergo background checks, sign confidentiality agreements, and complete annual security training. Employee devices are secured and monitored.
If you have any questions regarding our security policies and procedures, please contact us via email at firstname.lastname@example.org.