How we protect your data and maintain the security of our platform.
At OnboardBuddy, security is a top priority. We understand that you trust us with sensitive information, and we take that responsibility seriously. Our security program is designed to protect your data and ensure the reliability of our service.
We follow industry best practices for security, including regular security assessments, employee training, and continuous monitoring. Our team stays up to date with the latest security threats and vulnerabilities to ensure that our platform remains secure.
We're committed to transparency about our security practices and will promptly notify you of any security incidents that may affect your data.
We're committed to meeting industry security standards and best practices.
All data is encrypted in transit and at rest using industry-standard encryption protocols. We use TLS 1.3 for all data in transit and AES-256 for data at rest.
Our infrastructure is hosted on AWS with multiple layers of security controls. We implement network segmentation, firewalls, and intrusion detection systems.
We conduct regular security audits and penetration tests to identify and address potential vulnerabilities. Our security practices are continuously reviewed and improved.
We implement strict access controls and follow the principle of least privilege. All access to production systems is logged and monitored.
We appreciate the work of security researchers in improving the security of our service. If you believe you've found a security vulnerability in our service, we encourage you to report it to us.
Please provide detailed information about the vulnerability, including steps to reproduce, potential impact, and any other information that would help us understand and address the issue.
We use industry-standard authentication methods, including multi-factor authentication, to protect user accounts. Passwords are never stored in plain text and are hashed using strong, modern algorithms.
Yes, we have a comprehensive disaster recovery plan that includes regular backups, redundant systems, and procedures for quickly restoring service in the event of an outage or data loss.
We carefully vet all third-party services and integrations. We use OAuth and secure API connections, and we never store third-party credentials in plain text. We regularly review our integrations to ensure they meet our security standards.
In the event of a security breach, we will promptly notify affected users and provide information about the breach, including what data was affected and what steps we're taking to address the issue. We will also work with law enforcement and security experts as needed.