Security and Compliance

We do everything to make sure your data is safe with us at all times. You probably came here because you have questions, so let’s answer the important ones.

Bold BI Security and Compliance – GDPR HIPAA SOC 2 Certified

Security Measures And Practices

Bold BI® maintains top-tier security through encrypted data transmission, secure cloud platforms, and regular penetration testing. Its systems boast high uptime, aided by vigilant monitoring and swift incident response.

SOC 2® Type 2

Our SOC 2® Type 2 certification verifies that Bold BI has successfully completed a thorough audit, ensuring that our security policies and controls consistently meet the highest industry standards when it comes to keeping data safe and secret.

Encrypted Transmission

All user data is transported securely, encrypted in transit and encrypted at rest. Encrypting your data provides an additional layer of protection against events such as unauthorized modification and man-in-the-middle attacks. We use 256-bit SSL/TLS 1.2 encryption and industry-standard AES-256 algorithms.

Datacenter Security

Software Security

Our application runs on the latest stable version of the Microsoft .NET Framework. We reduce the attack surface by isolating our data processes with containerized microservice architecture. Our application is also automated with a static analyzer tool that does extensive computation and ensures the security of our source code.

All our developers are trained to pay specific attention to security. Our automated and manual code review processes constantly look for any code that could potentially violate security policies.

Secure Development

As part of our secure development lifecycle, we utilize automated tools that scan all code commits to our repositories for exposed secrets. This process is critical in preventing unauthorized access to our production environment and your data, and thereby helps us adhere to industry security standards and best practices.

Payment Security

Bold BI uses a PCI-compliant payment processor for encrypting and processing credit card payments. We have partnered with Stripe to securely handle sensitive payment processing data. Details about their security posture and PCI compliance can be found at Stripe’s Security page.

Bold BI does not have access to customers’ credit card data at all.

Vulnerability Scans

Bold BI uses security tools to continuously scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported.

Penetration Testing

Bold BI undergoes regular penetration testing by our in-house security experts and development team. In addition, third-party security experts carry out a detailed penetration test suite yearly to confirm the security of our products and environment.

Backup and Availability

To maximize availability, our systems automatically replicate your data across multiple locations in real-time. Data is also continuously backed up to ensure that we can restore access to your data and the service in the unlikely event that all data replicas fail simultaneously. Our monitoring system alerts us to any problems, and we have staff on call at all times to handle any unexpected incidents.

Uptime

Bold BI has a 99.9% uptime or higher. If our systems require maintenance or a brief outage, clients will be notified in advance.

Monitoring and Alerting

Our application and the underlying infrastructure components are actively monitored 24/7. Our engineers are immediately notified in case of an outage.

Enterprise-Grade Security and Privacy

To protect your customers’ data, security systems control access to your entire organization and secure your data at multiple levels. Encryption, audit logs, IP restrictions, and single sign-on are features that can help you protect your data and restrict access to only authorized users.

Questions