Enterprise Grade Security and Data Protection.

We take your data security and privacy very seriously. BoostUp’s platform has been built with a security-first focus with SOC2 compliant highly restricted access controls, 256 bit end-to-end encryption, GDPR compliance and granular data expiration policies that customers can control.

SOC-2, Type-2 Certified.

Highly Secure Logically Partitioned Hosted Architecture

BoostUp is a SOC2, Type-2 certified, security-first company, dedicated to protecting our customers’ valuable information. We ensure the security, availability, confidentiality, processing integrity, and privacy of our customer data.

Our logically partitioned hosted architecture isolates customer data inside our database, allows granular deletion, access control and management policies, and ensures maximum security. This architecture completely isolates your data and gives you fine-grained control over data retention and deletion.

Enterprise grade security customers trust.

"In the many security reviews I have done in my career, BoostUp was the fastest, most transparent, no BS security review I have ever gone through. The team genuinely understands the importance of security. The whole process was seamless, the team was attentive and responsive, and we completed the entire security review in 2 business days - a record for sure!"
Lee Rayl, Security Program Manager
Lee Rayl
Security Program Manager, Degreed

With BoostUp you are in control.

Granular Security Policies

Selectively allow or deny field access. Set custom expirations for any data fields.

Auditable Log Access

Easily audit our security logs in real-time.

User Consent Supported

Choose user by user data access consent.

Infrastructure Security

BoostUp’s cloud service is completely hosted in AWS, in data centers that reside within the United States. AWS data centers are highly secure, and are SOC1, SOC2 and SOC3 compliant. All our production and staging servers are hosted in their own Virtual Private Clouds (VPCs). We make extensive use of security groups to restrict access to these servers, enabling only the minimum level of access needed for operation.

Application and Data Security

BoostUp only allows login via Single Sign-On (SSO). SSO login is supported for Google Apps and Office365. As a result, BoostUp never stores any user passwords in our database.

The BoostUp security team encourages responsible reporting of any vulnerabilities that may be found in our site or applications. BoostUp is committed to working with security researchers to verify and address any potential vulnerabilities that are reported to us. Please refer to our Vulnerability Disclosure Policy for more details.

Access Control

BoostUp.ai employs the principle of least privilege – users should only be able to access functions, data files, URLs, controllers, services, and other resources, for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.

Access to sensitive records is protected, such that only authorized objects or data is accessible to each user. BoostUp.ai application uses strong random anti-CSRF tokens and correctly enforces context-sensitive authorization so as to not allow unauthorized manipulation by means of parameter tampering.

Encryption

All cryptographic modules fail securely, and errors are handled in a way that does not enable oracle padding. All cryptographic algorithms used by BoostUp.ai have been validated against FIPS 140- 2. TLS is used for all connections including both external and backend connections.

All sensitive data is sent to the server in the HTTP message body or headers only. Proper certification revocation, such as Online Certificate Status Protocol (OCSP) Stapling, is enabled and configured. Only strong algorithms, ciphers, and protocols are used, through all the certificate hierarchy, including root and intermediary certificates. All data is stored at rest on EBS volumes in an encrypted form.

Malicious Input Handling

All SQL queries, HQL, OSQL, NOSQL and stored procedures, calling of stored procedures are protected and not susceptible to SQL injection. BoostUp.ai application has security controls in place to prevent LDAP injection, OS command injection, Remote File Inclusion (RFI), Local File Inclusion (LFI), XML attacks and DOM Cross-Site Scripting (XSS) attacks.

Our customers love BoostUp.

With BoostUp, we are easily 25% more accurate in our forecast prediction, and we have greater visibility into our deal health. Before BoostUp, we used spreadsheets and other systems, making this process very difficult and inaccurate. With BoostUp, we have a new level of clarity, and we’re never going back!

Dan Brayton

Head of Sales Operations, Iterable

With BoostUp, I can inspect pipeline in 1/10th of the time, and call deals 2x more accurately, which helps us as an organization forecast more efficiently and reliably. Our leaders now have an excellent lens to evaluate deal risks instantly.

Stephen Daniels

Head of Sales Operations, Branch

We use BoostUp to understand deal risk and understand deal velocity. With BoostUp, we are easily 5 times as efficient, 100% more confident in our forecasting approach and projections, and have shaved off 20 hours a month in our forecasting preparations.

Marco Pasqualina

SVP & Head of Sales, Toluna

We can cut through pipeline BS and learn deal risks while saving 3-4 hours of my back-and-forth time every week. Risk factors are immediately actionable, so my AEs can quickly prioritize at-risk deals. This all helps us more accurately predict our forecast number!

Chris Pham

Head of Sales, Dealpath

BoostUp measures deal risk based on engagement and the sentiment of those engagements. These "actionable risk metrics" allow me to positively impact deal health, pipeline strength, and forecast accuracy.

Navid Zolfaghari

VP Sales, Branch