Security Center & Documentation

Do you perform penetration testing? How do you encrypt data? Where is your privacy policy?

Written by Chelsea
Updated yesterday

PlaybookUX Security Center & Documentation

Learn more about how PlaybookUX protects your data.

ISO 27001 & 27701 Certified

PlaybookUX is ISO 27001 & 27701 certified. This demonstrates that PlaybookUX has the necessary controls in place to mitigate the risks related to security, availability and confidentiality.

SOC 2 Type II Certified

Our recent SOC 2 Type II audit demonstrated that PlaybookUX has controls in place related to security, availability and confidentiality. Our reporting period concluded August 1st 2022. PlaybookUX is committed to annual SOC 2 audits. Customers interested in obtaining our recent SOC 2 Type II report should contact hello@playbookux.com.

Hosting

Data centers are SOC 2 Type II certified and in a safe environment.

Security Program: OWASP

Our company bases its security program on OWASP. Our security program covers, but is not limited to, the following: information classification and protection, access control, software development, compliance with laws and regulations, security in Human Resources, acceptable use of information IT devices, authorized/unauthorized use and disclosure of data, incident management and response procedures for both security and privacy incidents, and retention and destruction of data. To request a copy of our internal security procedures document, please email hello@www.playbookux.com.

Data Protection Officer

We have a data protection officer who is a member of our staff and is accountable and responsible for managing information security. Please contact hello@playbookux.com for information on contacting our Data Protection Officer.

Penetration Testing

PlaybookUX uses third-party security tools to continuously scan our platform for vulnerabilities. We engage annually with third-party security experts to perform thorough penetration tests on the PlaybookUX application.

GDPR

We are commitment. Please read our privacy policy here for more information.

CCPA

Please read the CCPA notice here.

HIPAA

All of our user data is stored on Google Cloud Platform & Amazon Web Services, which are both fully HIPAA compliant.

PlaybookUX has a Business Associate Agreement (BAA) with both Google Cloud Platform & Amazon Web Services. A Business Associate Agreement is required by law for HIPAA compliance.

PCI DSS

Our organization is PCI DSS compliant. All payments route through Stripe, our payment processor.

Encryption

We only use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled. Our API and application endpoints use TLS/SSL. Our data in transit and data at rest are encrypted with secure algorithms. All SSL certificates are issued by Amazon Web Services.

  • Data in transit: SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

  • Data at rest: AES-256 encrypted

Virtual Private Cloud

All of our servers are contained within our own virtual private cloud (VPC) with network access control lists (ACLs) which prevent unauthorized requests getting to our internal network.

Incident Response Plan

Our IT & security team works in rotating shifts (24 hours per day, 7 days per week) and has a thorough escalation policy.

Permissions & Authentication

Access to customer data is restricted to authorized employees who require it for their job role. PlaybookUX operates 100% over HTTPS. There are no corporate resources or additional privileges gained from being on PlaybookUX’s network.

We have 2-factor authentication (2FA) and strong password requirements for Google, AWS, GitHub and Google Cloud Services to ensure access to cloud services is protected.

Daily Monitoring, High Availability & Daily Backups

  • We continuously monitor our servers to prevent interference and access from outside intruders. Our IT team regularly reviews the logs and notifies the team of any security concerns. Please request the latest scan results by emailing hello@www.playbookux.com.

  • Our uptime is 99.999% YTD

  • We perform backups daily.

Permanent Deletion

Customers have the option to permanently delete their data from PlaybookUX. Data can be restored up to 30 days after deletion.

Data Request

We do not share your data with third parties. If requested, we can provide a copy of your data in a readable and usable format within 3 business days.

Data Privacy

Your data is yours. PlaybookUX does not sell or rent any customer information or information provided to us. For more information, please review our privacy policies: https://www.playbookux.com/privacy-policy-company/

Employee Training & Confidentiality

  • All PlaybookUX employees, contractors and vendors have passed background checks.

  • The aforementioned parties sign confidentiality clauses

  • Security procedures are updated frequently and distributed to all employees

  • All employees undergo annual Security & Awareness training

Documents

  • Data Subprocessors: Learn how your data is processed and who we’ve signed data processing agreements with.
