PlaybookUX Security Center
Welcome to the security and privacy center! View all terms and policies here. If you have any questions, please contact us through our chatbot or email hello@playbookux.com
Overview
ISO 27001 & 27701 Certified
PlaybookUX is ISO 27001 & 27701 certified. This demonstrates that PlaybookUX has the necessary controls in place to mitigate the risks related to security, availability and confidentiality.
SOC 2 Type II Certified
Our recent SOC 2 Type II audit demonstrated that PlaybookUX has controls in place related to security, availability and confidentiality. Our reporting period concluded July 1st 2024. PlaybookUX is committed to annual SOC 2 audits. Customers interested in obtaining our recent SOC 2 Type II report should contact hello@playbookux.com.
Hosting
When signing on with PlaybookUX, your data is hosted with Amazon Web Services in Virginia, United States (us-east-1).
EU hosting is available upon request and is located in Ireland, Europe (eu-west-1).
https://aws.amazon.com/compliance/soc-faqs/
The data center is SOC2 Type II certified and in a safe environment.
Security Program: OWASP
Our company bases its security program on OWASP. Our security program covers, but is not limited to, the following: information classification and protection, access control, software development, compliance with laws and regulations, security in Human Resources, acceptable use of information and IT devices, authorized/unauthorized use and disclosure of data, incident management and response procedures for both security and privacy incidents, and retention and destruction of data. To request a copy of our internal security procedures document, please email hello@playbookux.com.
We have a data protection officer who is a member of our staff and is accountable and responsible for managing information security. Please contact hello@playbookux.com for information on contacting our Data Protection Officer.
Penetration Testing
PlaybookUX uses third party security tools to continuously scan our platform for vulnerabilities. We engage annually with third-party security experts to perform thorough penetration tests on the PlaybookUX application.
GDPR
We are fully committed to GDPR regulations. Please read our privacy policy here for more information.
CCPA
We comply with CCPA regulations. Please read the CCPA notice here.
HIPAA
All of our user data is stored on Google Cloud Platform & Amazon Web Services which are both fully HIPAA compliant.
Google Cloud Platform HIPAA Policy: https://cloud.google.com/security/compliance/hipaa-compliance/
Amazon Web Services HIPAA Policy:
https://aws.amazon.com/compliance/hipaa-compliance/
PlaybookUX has a Business Associate Agreement (BAA) with both Google Cloud Platform & Amazon Web Services. A Business Associate Agreement is required by law for HIPAA compliance.
PCI DSS
Our organization is PCI DSS compliant. All payments route through Stripe, our payment processor.
Encryption
We only use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled. Our API and application endpoints are served over TLS/SSL. Our data in transit and data at rest are encrypted with secure algorithms. All TLS/SSL certificates are issued by Amazon Web Services.
– Data in transit: SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
– Data at rest: AES-256 encrypted
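The two properties stated above (TLS 1.2 or later with forward secrecy, and an AEAD suite such as AES-GCM) can be checked programmatically. The following is an added example, not PlaybookUX's code: it turns that policy into a check over the protocol and cipher strings that Python's `ssl` module reports for a connection, and builds a client context that refuses anything weaker. The policy constants and the sample inputs in the test are constructed for illustration.

```python
import ssl

# Policy modelled on the stated configuration (constructed for this example):
# TLS 1.2 or newer, ephemeral key exchange (forward secrecy), AEAD cipher.
ACCEPTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
PFS_KEX_PREFIXES = ("ECDHE-", "DHE-")          # TLS 1.2 suite-name prefixes with ephemeral DH
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")      # AEAD bulk ciphers in OpenSSL suite names


def assess_tls(protocol: str, cipher: str) -> list:
    """Return policy violations for a (protocol, cipher) pair as reported by
    ssl.SSLSocket.version() and ssl.SSLSocket.cipher()[0]. Empty list = compliant."""
    problems = []
    if protocol not in ACCEPTED_PROTOCOLS:
        problems.append(f"protocol {protocol} is below TLS 1.2")
    # TLS 1.3 suites (TLS_AES_..., TLS_CHACHA20_...) always use ephemeral key exchange,
    # so the forward-secrecy check only applies to TLS 1.2 suite names.
    if protocol != "TLSv1.3" and not cipher.startswith(PFS_KEX_PREFIXES):
        problems.append(f"cipher {cipher} lacks forward secrecy")
    if not any(marker in cipher for marker in AEAD_MARKERS):
        problems.append(f"cipher {cipher} is not an AEAD suite")
    return problems


def strict_client_context() -> ssl.SSLContext:
    """Client context that can only negotiate connections satisfying assess_tls()."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: ECDHE key exchange with AES-GCM or ChaCha20-Poly1305.
    # TLS 1.3 suites are configured separately by OpenSSL and are all AEAD with PFS.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def context_cipher_violations(ctx: ssl.SSLContext) -> dict:
    """Map every suite the context could negotiate to its policy violations (expect {})."""
    violations = {}
    for suite in ctx.get_ciphers():
        problems = assess_tls(suite["protocol"], suite["name"])
        if problems:
            violations[suite["name"]] = problems
    return violations


if __name__ == "__main__":
    # Constructed sample: the suite named on the page, and a legacy one for contrast.
    print(assess_tls("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"))
    print(assess_tls("TLSv1.0", "AES128-SHA"))
    print(context_cipher_violations(strict_client_context()))
```

To check a live endpoint, wrap a socket with `strict_client_context().wrap_socket(sock, server_hostname=host)` and pass `ssl_sock.version()` and `ssl_sock.cipher()[0]` to `assess_tls`; the handshake itself fails if the server cannot meet the policy.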
Virtual Private Cloud
All of our servers are contained within our own virtual private cloud (VPC) with network access control lists (ACLs) which prevent unauthorized requests getting to our internal network.
Incident Response Plan
Our IT & security team works rotating shifts (24 hours per day, 7 days per week) and follows a thorough escalation policy.
Permissions & Authentication
Access to customer data is restricted to authorized employees who require it for their job role. PlaybookUX operates 100% over HTTPS. Being on PlaybookUX's network grants no access to corporate resources and no additional privileges.
We have 2-factor authentication (2FA) and strong password requirements for Google, AWS, GitHub and Google Cloud Services to ensure access to cloud services is protected.
Daily Monitoring, High Availability & Daily Backups
– We continuously monitor our servers to prevent interference and access from outside intruders. Our IT team regularly reviews the logs and notifies the team of any security concerns. Please request the latest scan results by emailing hello@playbookux.com.
– Our uptime is 99.999% YTD
– We perform backups daily.
Permanent Deletion
Customers have the option to permanently delete their data from PlaybookUX. Data can be restored up to 30 days after deletion.
Data Request
We do not share your data with third parties. If requested, we can provide a copy of your data in a readable and usable format within 3 business days.
Data Privacy
Your data is yours. PlaybookUX does not sell or rent any customer information or information provided to us. For more information, please review our privacy policies. https://www.playbookux.com/privacy-policy-company/.
Employee Training & Confidentiality
– All PlaybookUX employees, contractors and vendors have passed background checks.
– The aforementioned parties sign confidentiality clauses.
– Security procedures are updated frequently and distributed to all employees.
– All employees undergo annual Security & Awareness training.
Subscribe to our status page
– Stay up to date and receive notifications about downtime & security incidents: https://playbookux1.statuspage.io/
Documents
Non Disclosure Agreement (NDA)
Our testers agree to keep your testing assets private.
Tester Privacy Policy
Read how we protect your privacy.
Tester Terms of Service
View our terms of service. By using our platform, you agree to abide by them.
Company (Client) Privacy Policy
Read how we protect your privacy.
Company (Client) Terms of Service
View our terms of service. By using our platform, you agree to abide by them.
Data Subprocessors
Learn how your data is processed and who we’ve signed data processing agreements with.
Data Processing Agreement
This document defines how we process our clients' data.
GDPR Privacy Policy
PlaybookUX is GDPR compliant.
CCPA Notice
PlaybookUX complies with CCPA regulations.
Acceptable Use - Upload Research
Conditions for uploading research into the PlaybookUX platform