We currently use Amazon Web Services (AWS) to store our data. AWS provides secure data centers and a network architected to protect information, identities, applications, and devices. AWS is the highest industry standard for data storage, with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports. User files are encrypted at rest using AWS-managed encryption, and web traffic is encrypted and sent securely over SSL. For more information on AWS Security, click here.
Boardable’s information security program includes administrative, technical, and physical safeguards protecting customer data against accidental, unauthorized or unlawful destruction, disclosure, and access.
Each Boardable user sets his or her own password. These passwords must be at least 8 characters. Passwords that appear on a list of the top 1,000 most commonly used passwords are prohibited. Passwords are all encrypted.
Upon request, we work with customers to remove their personal data from the product and from the third parties we partner with.
Boardable uses Stripe to process customer credit card information. All credit card data is sent directly from our customers to Stripe, and none of it is exposed on our website or server at any time. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. For more information on Stripe, click here.
We conduct an annual penetration test, which is a simulated cyberattack against our systems that checks for exploitable vulnerabilities. Red Rock IT Security is our third-party cybersecurity service provider conducting automated scanning.