Not only do we build world-class features, but we are also SOC 2, Type-2 compliant. We built our platform with a laser focus on enterprise-grade reliability, security and data protection for our customers.
At BoostUp, security is core to our business and product. It is a fundamental part of our platform and is essential to our business. As a Revenue Operations & Intelligence platform, we analyze and process sensitive data – revenue, call, and activity – for our customers. Our customers and partners trust us with their sensitive data, and we shoulder the responsibility to ensure appropriately managed security, confidentiality, and integrity of that data. We pride ourselves on our commitment to having the most robust security practices and safeguards implemented across the entire application stack and being proactive and responsive to our customers’ data security.
BoostUp is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and privacy features built-in. Our team takes additional proactive measures to ensure a secure infrastructure environment. Gartner Research positions AWS in the Leaders quadrant of the new 2021 Magic Quadrant for Cloud Infrastructure & Platform Services (CIPS). For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.
We built our platform with a security-first focus, dedicated to protecting your data. As a result, we are SOC 2, Type-2 compliant with highly restricted access controls, 256-bit end-to-end encryption, HIPAA and GDPR compliant techniques and controls, and granular data expiration policies that are fully customer-facing and manageable.
BoostUp has partnered with the independent audit firm of Dansa D’Arata Soucia LLP, which has worked with numerous fast-moving start-ups across broad industry verticals. We chose the option of initially completing a SOC2 Type I audit, followed by a SOC2 Type II audit which we received in September 2020. We annually retest our SOC2 controls and are expanding our compliance programs in 2022 to include:
Ongoing internal network security audits and scanning give us an overview for quickly identifying impacted systems and services. According to our in-house patch management policy, operating systems, software, frameworks, and libraries used in BoostUp infrastructure are regularly updated to the latest versions.
Furthermore, whenever a vulnerability in a product used by BoostUp or a high or critical vulnerability is publicly reported, prompt actions are taken to mitigate any potential risks for our customers. We apply hotfixes and patches promptly when available and/or implement pro-active mechanisms like configuration of firewalls or IDS/IPS.
With BoostUp, we are committed to providing the highest security measures to ensure your data remains safe while giving you the control you desperately need.
Configure policies for different groups of users. Define who has access to each part of the system, as well as what they can do with that access.
Configure policies for different groups of users. Define who has access to each part of the system, as well as what they can do with that access.
Selectively allow or deny field access for your organization. Easily set customer expiration dates for any data fields to further protect your data.
File and data access history and activity monitoring to maintain security policies.
File and data access history and activity monitoring to maintain security policies.
Quickly audit our security log at any time and in real-time. This level of detail puts you in control of your own data.
Manage how and when users can consent to applications that will have access to your organizational data.
Manage how and when users can consent to applications that will have access to your organizational data.
Manage consent and access to applications at the user level. Alternatively, you can centralize the decision-making process with your security administrator team.
Configure policies for different groups of users. Define who has access to each part of the system, as well as what they can do with that access.
Selectively allow or deny field access for your organization. Easily set customer expiration dates for any data fields to further protect your data.
File and data access history and activity monitoring to maintain security policies.
Quickly audit our security log at any time and in real-time. This level of detail puts you in control of your own data.
Manage how and when users can consent to applications that will have access to your organizational data.
Manage consent and access to applications at the user level. Alternatively, you can centralize the decision-making process with your security administrator team.
Everyone at BoostUp is committed to protecting our customers' data. That’s why we continually monitor our network security and infrastructure allowing us to identify any vulnerabilities, their severity and resolve them quickly.
Your data is protected by Amazon Web Services.
Your data is protected by Amazon Web Services.
BoostUp's cloud service is hosted in AWS and provides robust, physical, data center, and environmental and physical controls.
AWS is the most flexible and secure cloud computing environment available. BoostUp's core offering relies on this infrastructure and satisfies modern-day SaaS offerings' security requirements. This is backed by a deep set of cloud security tools and a "follow the sun" support model by dedicated BoostUp staff overseeing and managing security, compliance, and governance controls and features.
Your data is secure by SSO and dual-factor authentication.
Your data is secure by SSO and dual-factor authentication.
BoostUp only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, BoostUp never stores any user passwords in our database.
We provide your team with access control.
We provide your team with access control.
BoostUp employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources they possess specific authorization.
BoostUp makes extensive use of security groups to restrict access to minimum levels to all servers and resources.
We encrypt all data at rest and in motion.
We encrypt all data at rest and in motion.
BoostUp deploys on AES256 encryption and implementations that have been validated against FIPS 140-2 protocols.
TLS is used for all connections. All sensitive data is encrypted at rest and in transit across all networks.
Your data is protected by Amazon Web Services.
BoostUp's cloud service is hosted in AWS and provides robust, physical, data center, and environmental and physical controls.
AWS is the most flexible and secure cloud computing environment available. BoostUp's core offering relies on this infrastructure and satisfies modern-day SaaS offerings' security requirements. This is backed by a deep set of cloud security tools and a "follow the sun" support model by dedicated BoostUp staff overseeing and managing security, compliance, and governance controls and features.
Your data is secure by SSO and dual-factor authentication.
BoostUp only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, BoostUp never stores any user passwords in our database.
We provide your team with access control.
BoostUp employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources they possess specific authorization.
BoostUp makes extensive use of security groups to restrict access to minimum levels to all servers and resources.
We encrypt all data at rest and in motion.
BoostUp deploys on AES256 encryption and implementations that have been validated against FIPS 140-2 protocols.
TLS is used for all connections. All sensitive data is encrypted at rest and in transit across all networks.
All SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected and not susceptible to SQL injection. BoostUp.ai application has security controls in place to prevent LDAP injection, OS command injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), XML attacks and DOM Cross-Site Scripting (XSS) attacks.
BoostUp proactively monitors our infrastructure to identify any vulnerabilities and continuously works with security researchers to verify and address any issues. Please refer to our Vulnerability Disclosure Policy for more details.