BoostUp SOC 2, Type-2 Certified (Monitored by Vanta)

SOC-2, Type-2 Certified.

Highly Secure Logically Partitioned Hosted Architecture

BoostUp is a SOC 2, Type-2 certified, security-first company, dedicated to protecting our customers’ valuable information. We ensure the security, availability, confidentiality, processing integrity, and privacy of our customer data.

Our logically partitioned hosted architecture isolates customer data inside our database, allows granular deletion, access control and management policies, and ensures maximum security. This architecture completely isolates your data and gives you fine-grained control over data retention and deletion.

With BoostUp you are in control.


Granular Security Policies

Selectively allow or deny field access. Set custom expirations for any data fields.

Auditable Log Access

Easily audit our security logs in real-time.

User Consent Supported

Choose user by user data access consent.

Enterprise-grade security customers trust.

"In the many security reviews I have done in my career, BoostUp was the fastest, most transparent, no BS security review I have ever gone through. The team genuinely understands the importance of security. The whole process was seamless, the team was attentive and responsive, and we completed the entire security review in 2 business days - a record for sure!"

  • Lee Rayl, Security Program Manager
  • Lee Rayl

    Security Program Manager, Degreed
Infrastructure Security

Infrastructure Security

BoostUp’s cloud service is completely hosted in AWS, in data centers that reside within the United States. AWS data centers are highly secure, and are SOC1, SOC2 and SOC3 compliant. All our production and staging servers are hosted in their own Virtual Private Clouds (VPCs). We make extensive use of security groups to restrict access to these servers, enabling only the minimum level of access needed for operation.

Data Security

Application and Data Security

BoostUp only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, BoostUp never stores any user passwords in our database.

The BoostUp security team encourages responsible reporting of any vulnerabilities that may be found in our site or applications. BoostUp is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us. Please refer to our Vulnerability Disclosure Policy for more details.

Access Control

Access Control employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.

Access to sensitive records is protected, such that only authorized objects or data is accessible to each user. application uses strong random anti-CSRF tokens and correctly enforces context-sensitive authorization so as to not allow unauthorized manipulation by means of parameter tampering.

Data Encryption


All cryptographic modules fail securely, and errors are handled in a way that does not enable oracle padding. All cryptographic algorithms used by have been validated against FIPS 140- 2. TLS is used for all connections including both external and backend connections.

All sensitive data is sent to the server in the HTTP message body or headers only. Proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured. Only strong algorithms, ciphers, and protocols are used, through all the certificate hierarchy, including root and intermediary certificates. All data is stored at rest on EBS volumes in an encrypted form.

Malicious Data Control

Malicious Input Handling

All SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected and not susceptible to SQL injection. application has security controls in place to prevent LDAP injection, OS command injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), XML attacks and DOM Cross-Site Scripting (XSS) attacks.

Our customers love BoostUp.


After doing our vendor landscape due diligence, BoostUp was the only complete revenue intelligence platform in a market full of point solutions. We needed one connected revenue intelligence solution that solved all our needs - one built for our entire revenue team to drive forecasting, accuracy in our forecast, and scale deal reviews.

David Groves

VP, Worldwide Field Operations, ContentSquare

With BoostUp, we’ve been able to break down the barriers between every member of the account team. With this newfound visibility and transparency, our sellers can focus on the right action at the right time. The result is a higher-performing, more profitable, far more efficient, and actionable sales organization.

Robert Sliker

Director of Business Management, Windstream

With BoostUp, I can inspect pipeline in 1/10th of the time, and call deals 2x more accurately, which helps us as an organization forecast more efficiently and reliably. Our leaders now have an excellent lens to evaluate deal risks instantly.

Stephen Daniels

Head of Sales Operations, Branch

We use BoostUp to understand deal risk and understand deal velocity. With BoostUp, we are easily 5 times as efficient, 100% more confident in our forecasting approach and projections, and have shaved off 20 hours a month in our forecasting preparations.

Marco Pasqualina

SVP & Head of Sales, Toluna

BoostUp has made deal-by-deal opportunity management much simpler, which has made our forecasting projections significantly more accurate and something we can truly trust. It allows me to prioritize at-risk deals and coach more efficiently. And the really good reps have adopted BoostUp as it gets them insights into their deal activity and allows them to sell more effectively.

Tammy Broussard

Sales Director, Edcast