Your data is secure, private, and protected — by design

Databox is built with enterprise-grade security, strict compliance standards, and continuous monitoring to ensure your data is always safe.

  • Certifications & Compliance
    Databox adheres to internationally recognized security and privacy standards to ensure your data is handled responsibly.
  • Data Protection
    Your data is encrypted at-rest via AES-256 and in-transit via TLS 1.2 or higher. Complete data backups are performed weekly, with daily differential backups.
  • Infrastructure
    Databox runs on AWS — one of the most secure and reliable cloud platforms in the world — so your data benefits from infrastructure trusted by millions of businesses globally.
  • Access Control & People Security
    Every Databox employee is trained on current security standards, and access to your data is strictly controlled through role-based permissions and least-privilege principles — monitored and reviewed continuously.
  • Monitoring & Incident Response
    We monitor your data 24/7. If something happens, our automated alerting and documented incident response procedures mean we're already on it before you have to ask.
  • Application Security
    We ensure application security through secure credential management, a structured SDLC with embedded security practices, and continuous vulnerability management.

Trusted by 20,000+ teams

  • Toast
  • BambooHR
  • SmartBug
  • Conair
  • Dentsu
  • Wistia
  • Avidly
  • New Breed

More information

Learn more about our commitment to security, privacy and compliance.

SOC 2 Type II Compliance

We are currently in the process of obtaining SOC 2 certification. We are implementing and strengthening key security controls in alignment with SOC 2 requirements and working with an independent auditor. The formal audit and certification are planned in the near term, reflecting our commitment to security and trust.

Terms of Service

Our terms of service outline the rules and expectations that govern your use of Databox — clearly written and always up to date.

Privacy Policy

Our privacy policy explains what data Databox collects, how it's used, and how you can control, correct, or delete your information at any time.

Data Processing Agreement

Our Data Processing Agreement (DPA) outlines how Databox processes personal data on behalf of our customers in compliance with applicable data protection laws.


Frequently Asked Questions

What security certifications does Databox hold (e.g., SOC 2, ISO 27001)?

Databox is in the process of obtaining SOC 2 certification, validating the design of our security controls. We are currently undergoing an external audit to demonstrate the ongoing effectiveness of these controls over time.

While we are not currently ISO 27001 certified, we follow industry best practices and implement controls aligned with frameworks such as ISO 27001 and the NIST Cybersecurity Framework.

Does Databox perform penetration tests, and what is the frequency?

Yes, Databox conducts third-party penetration tests regularly to ensure the robustness of our security posture. We typically aim to perform these tests at least annually, and sometimes quarterly, especially when there are substantial changes to our infrastructure or emerging security concerns. Results and reports from these assessments are maintained for internal use only and are not shared externally.

Are vulnerability scans conducted both internally and externally?

Yes, we perform regular vulnerability checks, including penetration tests, both by our internal teams and external contractors. A regular security audit is part of our commitment to provide a secure and stable product to our users.

Where is customer data stored and processed?

All Databox products run on best-in-class servers in Amazon Web Services (AWS) data centers located in the United States of America (AWS East region). All AWS services are GDPR-compliant, and customer data is always protected and remains within these data centers.

Is Databox compliant with privacy regulations like GDPR?

Yes. Databox complies with GDPR and other applicable privacy regulations. We implement strong technical and organizational measures to protect personal data and ensure it is processed securely and transparently.

How is data secured in transit and at rest?

We adhere to the highest encryption standards:

  • Data at rest is encrypted via AES-256 encryption.
  • Data in transit is encrypted using TLS 1.2 or higher with 256-bit cipher suites.
  • Network security is multi-layered, utilizing Amazon’s Virtual Private Cloud (VPC), security groups, and system firewalls.

Is Multi-Factor Authentication (MFA) or Single Sign-On (SSO) supported/required?

For Databox Internal Use: Multi-factor authentication is required on all enterprise applications and production systems for Databox employees.

For Customers: Databox supports the SAML 2.0 Single Sign-On (SSO) login standard. MFA for customer accounts is optional but can be enforced by account admins on certain plans or by purchasing an add-on.

Who is the Data Protection Officer (DPO)?

Our Data Protection Officer (DPO) is Andrej Žitnik.

Who owns the data that is imported into Databox?

Customers retain complete ownership of their data, with Databox serving as a data processor under GDPR. We ensure that all data is managed in accordance with customer-defined permissions and privacy standards.

What is Databox's process for data deletion upon account termination?

Upon initiating the account deletion process, all related data is anonymized and securely deleted from our systems, including all backups, within a reasonable and specified timeframe as outlined in the Data Processing Agreement.

Does Databox provide official API documentation for developers?

You can find out more about our API functionality here: developers.databox.com.