• Product
  • Services
  • Pricing
Build Dashboards
  • Dashboard Integrations
  • Dashboard Templates
  • Integrate Your Data
  • Calculate metrics
  • Dashboard Designer
  •  
  • Agency features
Track performance
  • Dashboards
  • Metric Tracking
  • Goal tracking
  • Company KPI Scorecards
  • KPI Alerts
  • Desktop, Mobile & TV
  • Full feature list
$0/month, no credit-card required, free-forever version Get Started >
Databox logo - white Databox logo - dark
  • Partners
  • Resources
  • Login
  • Free Signup
  • Knowledge Base
  • Training
  • Template Directory
  • Blog
  • For Developers
  • Customers
  • Find a Partner
  • Become a Partner

Security Policy

  • Terms of Service
  • Privacy Policy
  • GDPR
  • Security Policy
  • Cookie Policy
  • Data Processing Agreement

Security Policy

Nothing is more important than protecting our customers’ data. We adhere to enterprise-class security levels and the highest encryption standards to keep customer data secure at all times. We apply GDPR rules for all customers.

Data centers

All Databox products run on best-in-class servers in Amazon AWS data centers located in the United States of America. All Amazon AWS services are GDPR-compliant. Customer data is always protected and never leaves the data centers.

Host security

Servers are configured as bastion hosts with each server containing only the services it absolutely needs. No other software is added to the host to lessen the security penetration surface.

Databox software infrastructure is comprised of many microservices. Each microservice is isolated and run on a specific docker host. Hosts are dynamically scaled depending on the load.

Network security

Network security follows a multi-layered approach:

  • At the top we use Amazon’s Virtual Private Cloud (VPC) utilizing its own security measures and principles
  • Security groups are assigned to each instance type, permitting only networks and ports absolutely needed for each instance type to function
  • Each instance has its own system firewall to protect its services even further
  • At the single network point of entry, the network intrusion detection & prevention system is installed, along with an active monitoring, filtering, and alerting system.
  • Every connection to our hosts is SSL encrypted using proven, peer-reviewed, and open-source encryption algorithms to prevent network sniffing, injecting, and other attacks.

Data Storage

Data at rest is encrypted via AES-256 encryption using the services AWS provides and/or native Linux tools.

Monitoring

We use on-site and off-site monitoring and alerting tools 24/7. We try to detect every anomaly that could affect our services before they become issues. Personnel is always available for urgent issues, which are escalated up the chain as necessary.

We strive for 99.99% uptime for all our products.

Penetration testing

Although our services are regularly upgraded, configured and monitored, regular penetration tests are employed to identify and remedy potential security issues. We aim to perform such penetration tests on a quarterly basis.

Internal IT Security

Critical passwords are secured in a virtual vault, using strong encryption protocols. Access is granted to authorised and qualified personnel only, on need-to-know basis.

Data protection, Disaster Recovery & Data Continuity

Production data is mirrored to multiple servers. In case of an instance failure, other instances take over the load. New instance is launched, which then resyncs data and rejoins the cluster.

Backups are done at least daily, but may be more frequent due to the sensitivity of the data. Backups are securely stored as encrypted data in a GDPR-compliant data center.

We test our recovery operations and backup quality by regular data recovery. Minimum data recovery is seven days, up to 30 days of retention. GDPR requirements are followed.

Certificates, compliance

As all software and customer data resides only in Amazon AWS infrastructure, AWS security certification compliance applies. Amazon AWS is certified with the following certificates, among others:

  • ISO 27001: Information Security Management Systems (ISMS)
  • ISO 27017: Cloud-specific security control guidance
  • ISO 27018: Protection of Personally Identifiable Information (PII) in public clouds
  • ISO 9001: Quality management systems
  • SOC1
  • SOC2
  • SOC3
  • PCI DSS 3.2

All of Amazon’s AWS services are GDPR-compliant.

More information is available through the following links:

https://d0.awsstatic.com/whitepapers/compliance/AWS_Compliance_Quick_Reference.pdf
https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
https://aws.amazon.com/compliance/

Latest from our blog

  • How Knowmad Uses Databox to Save 15+ Hours Per Month and Foster Long-Term Client Relationships
    January 15, 2021
  • 4 Things You Should Include in Your Annual Marketing Report
    January 15, 2021

Popular Blog Posts

  • What is a KPI?
  • SMART Goal Tracker
  • Marketing Report Templates
  • Google Analytics Dashboards
  • Google Search Console SEO
  • Website Performance Metrics
  • SaaS Metrics
  • Google Analytics KPIs

Main Tools

  • Business Dashboards
  • Dashboard Integrations
  • Dashboard Templates
  • Calculate Metrics
  • Build Dashboards
  • Metric Tracking
  • Goal Tracking
  • KPI Scorecards
  • KPI Alerts
  • Desktop, Mobile & TV

More Features

  • TV Dashboards
  • Mobile Dashboards
  • Dashboards in Slack
  • White Label Dashboards
  • Client Reporting

POPULAR DASHBOARD TEMPLATES

  • Facebook Ads Dashboard
  • Social Media KPI Template
  • Facebook Ads & Google Ads Dashboard
  • Shopify Analytics Dashboard
  • Google Analytics KPI Dashboard
  • SEO Dashboard
  • Quickbooks Dashboard
  • Mobile Analytics Dashboard

Company

  • About
  • Careers
  • Contact
  • Blog
  • We're Hiring!

Customers

  • System status
  • Case studies
  • Knowledgebase
  • Training
  • API Documentation
  • Start a Chat
2021 © Databox, Inc. All Rights Reserved.
Terms of Service Privacy Policy
Connect with us: