1. Boople Security Policy
At Boople, our highest priority is the security and privacy of our customers' data. We have designed our cloud-based psychological safety platform with cutting-edge security in mind by leveraging the robust infrastructure and controls provided by industry-leading front-end and back-end providers. This security policy outlines the comprehensive measures we take to protect your information.
2. Data Encryption
All user data, including account information, project details, comments, and uploaded files, are encrypted in transit using industry-standard TLS 1.2 or higher. Data at rest is encrypted using AES-256, providing an additional layer of protection.
3. Data Storage Locations
Boople partners with leading frontend and backend providers to process and store data in secure, geographically distributed facilities:
- Other backend services are provisioned on Google infrastructure with data stored primarily in Australia, benefiting from Google's world-class physical and logical security
- Our front-end processes and stores data in Australia and other jurisdictions where it maintains highly secure, state-of-the-art facilities
- Some endpoints may store logs for 30 days before they are purged, in the interests of preventing illegal and fraudulent activity, misuse and abuse
This distributed infrastructure enables high performance, low latency, and robust data redundancy across regions. For more details, please refer to our frontend and backend provider security documentation (available on request).
4. Granular Access Controls
Access to customer data is strictly limited to authorised Boople personnel on an as-needed basis to provide services and support. All access is logged, audited, and promptly revoked when no longer necessary. Boople employees undergo thorough background checks and security training.
Additionally, Boople provides role-based access control (RBAC) tools, allowing customers to set granular permissions and control data access within their own organisations.
5. Multilayered Network and Application Defense
Boople leverages the global infrastructure of our frontend and backend providers to efficiently process data closest to you. This may involve transferring your information across borders. Regardless of where your data resides, we apply the same high standards of privacy and security. We also maintain compliance with international data transfer frameworks like the EU-US Privacy Shield.
We protect the platform with multiple layers of network and application controls:
- Multiple perimeters of firewalls to filter unauthorised traffic
- Web application firewall (WAF) to block common attack patterns
- Automatic DDoS mitigation with dedicated incident response teams
- Rigorous third-party penetration testing and vulnerability scanning
- Frontend edge-based caching and Anycast routing for additional resilience
6. High Availability and Disaster Recovery
Boople is architected for maximum uptime, resilience, and quick disaster recovery:
- Redundancy across multiple availability zones and geographic regions
- Automatic failover to the nearest healthy region during incidents or outages
- Continuous data backup and geographically distributed replication
- Regular disaster recovery and business continuity exercises
7. Compliance and Certifications
Boople benefits from the extensive security and privacy compliance maintained by leading frontend and backend infrastructure providers, including:
- ISO 27001 - Information Security Management
- SOC 2 - Security, Availability & Confidentiality
- PCI DSS - Payment Card Industry Data Security
- HIPAA - Health Insurance Portability and Accountability Act
- GDPR - EU General Data Protection Regulation
- CCPA - California Consumer Privacy Act
These certifications undergo regular third-party audits to ensure the highest standards of data protection and privacy.
8. Vulnerability Reporting
We greatly appreciate the security research community's help in keeping Boople secure. If you discover any potential vulnerabilities in Boople's platform, please submit a detailed report to security@boople.ai. We commit to timely triage, clear communication, and quick remediation of verified issues.
9. Changes to this Policy
We may periodically update this security policy as we continue to evolve our practices and incorporate new security technologies. The latest version will always be posted at boople.ai/security.
For any questions about Boople's security practices, please contact hello@boople.ai. We're dedicated to transparency and building trust with our valued customers.