Boss Insights Values Security

We are a SOC 2 certified SaaS company. We hold the security of our customers' data in high regard and actively respond to new threats as they emerge.

  • SOC 2 Certified
  • Penetration Tested & Certified
  • SSL 256-bit Encryption
  • Data Encrypted At Rest
  • We Never Store Credit Cards
  • Routine 3rd Party Audits
  • Physically Secure Data Center
  • Active/Passive Security Scans

How secure is my data?

Your data is protected by industry-standard encryption as it is transmitted to Boss Insights servers and once again when stored on our systems. Our servers are protected by firewall systems as well as intrusion detection systems. All access to your data is via authenticated users only (unless you choose to share a file publicly). All access is logged.

Do you use encryption?

Yes, we use SSL 256-bit encryption for transmitting data and 256-bit server-side encryption for data at rest on our systems.

Any user passwords to access Boss Insights are stored as salted hashed values and are not retrievable in original form.

Is my credit card at risk?

We are not a payment processor and so do not transmit or store credit card information on our systems. We use Stripe to process your payment and maintain a token reference with them to help manage your subscription. We do not at any time see your credit card information.

Are you audited?

Our systems undergo regular tests and scans by external vendors such as Qualys and AWS to provide validation and monitoring of our security. We also maintain a SOC2 Type 2 audit by an AICPA-accredited auditing firm.

Where are your servers and are they physically secure?

We host our systems using Amazon Web Services. Your data will reside in various data centers within a given country (US, Canada, UK) and we may relocate your data from time to time in order to maintain availability of our service to you.

I’ve found a security issue, who should I tell?

We would appreciate it if you notify us via email at info (at) bossinsights.com. We ask that you give us time to remedy the issue before disclosure and that you follow responsible disclosure. We will work to rapidly fix issues and inform any impacted parties.

If you suffer a breach what is your disclosure policy?

Upon becoming aware of a breach, we will work diligently to understand the issue to a reasonable level of confidence before communicating with any impacted parties. Those impacted will then be given further updates as additional facts come to light.

What additional measures do you use to safeguard data?

We employ scanning software that looks for unexpected behavior in our systems, takes automated actions, and flags issues for review.

How do you manage and secure system access?

We support SAML and OAuth standards to access our systems and can act as a SAML identity provider for your other software. We also support access via 3rd party identity providers like Google GSuite, and we support MFA through a one-time password mechanism.

Who owns my data?

You do. Your data is yours and we never share it with anyone else unless you request it. For more information please see our Privacy Policy.

Where do I find your SOC2?

Our customers can request a copy of our SOC2 Type II report and other security documents from our trust center.