PlaybookUX Security Center & Documentation
Learn more about how PlaybookUX protects your data.
- Amazon Web Services in Virginia, United States: https://aws.amazon.com/compliance/soc-faqs/
Data centers are SOC 2 Type II certified and operated in a secure environment.
Security Program: OWASP
Our company bases its security program on OWASP. The program covers, among other areas: information classification and protection, access control, software development, compliance with laws and regulations, security in Human Resources, acceptable use of IT devices and information, authorized and unauthorized use and disclosure of data, incident management and response procedures for both security and privacy incidents, and retention and destruction of data. To request a copy of our internal security procedures document, please email firstname.lastname@example.org.
Data Protection Officer
We have a data protection officer who is a member of our staff and is accountable for managing information security. Please contact email@example.com for details on reaching our Data Protection Officer.
PlaybookUX uses third-party security tools to continuously scan our platform for vulnerabilities. We also engage third-party security experts annually to perform thorough penetration tests of the PlaybookUX application.
Please read the CCPA notice here.
All of our user data is stored on Google Cloud Platform and Amazon Web Services, both of which are fully HIPAA compliant.
- Google Cloud Platform HIPAA Policy: https://cloud.google.com/security/compliance/hipaa-compliance/
- Amazon Web Services HIPAA Policy: https://aws.amazon.com/compliance/hipaa-compliance/
PlaybookUX has a Business Associate Agreement (BAA) with both Google Cloud Platform and Amazon Web Services. A Business Associate Agreement is required by law for HIPAA compliance.
Our organization is PCI DSS compliant. All payments route through Stripe, our payment processor.
We only use strong cipher suites and have Perfect Forward Secrecy fully enabled. Our API and application endpoints are served exclusively over TLS. Data in transit and data at rest are encrypted with secure algorithms. All TLS certificates are issued by Amazon Web Services.
- Data in transit: TLS connection using TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256
- Data at rest: AES-256 encryption
Virtual Private Cloud
All of our servers are contained within our own virtual private cloud (VPC), with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
Incident Response Plan
Our IT and security team works rotating shifts (24 hours a day, 7 days a week) and has a thorough escalation policy.
Permissions & Authentication
Access to customer data is restricted to authorized employees who require it for their job role. PlaybookUX operates 100% over HTTPS. Being on PlaybookUX’s network grants no access to corporate resources and no additional privileges.
We enforce two-factor authentication (2FA) and strong password requirements for Google, AWS, GitHub and Google Cloud Services to ensure that access to cloud services is protected.
Daily Monitoring, High Availability & Daily Backups
- We continuously monitor our servers to detect and prevent interference and access by outside intruders. Our IT team regularly reviews the logs and notifies the team of any security concerns. Please request the latest scan results by emailing firstname.lastname@example.org.
- Our uptime is 99.999% year to date.
- We perform backups daily.
Customers have the option to permanently delete their data from PlaybookUX. Deleted data can be restored for up to 30 days after deletion.
We do not share your data with third parties. On request, we can provide a copy of your data in a readable and usable format within 3 business days.
Your data is yours. PlaybookUX does not sell or rent any customer information or information provided to us. For more information, please review our privacy policy: https://www.playbookux.com/privacy-policy-company/.
Employee Training & Confidentiality
- All PlaybookUX employees, contractors and vendors have passed background checks.
- The aforementioned parties sign confidentiality clauses.
- Security procedures are updated frequently and distributed to all employees.
- All employees undergo annual Security & Awareness training.
- Non-Disclosure Agreement (NDA): Our testers agree to keep your testing assets private.
- Tester Terms of Service: View our terms of service. By using our platform, you agree to abide by them.
- Company (Client) Terms of Service: View our terms of service. By using our platform, you agree to abide by them.
- Data Subprocessors: Learn how your data is processed and who we’ve signed data processing agreements with.
- Data Processing Agreement: This document defines how we process our clients’ data.