Introduction to Security & Privacy at BabbleConnect
Managing our customer data is more than just a responsibility to be met. It's something our company is truly passionate about. We believe our customer's trust is something that must be earned every day. To achieve that, we do more than just follow policies and check boxes. Rather, we instill awareness and best practices in our culture so that security and data privacy are top of mind when designing our application, managing our networks, and conducting daily business operations.
Physical Security
BabbleConnect runs on Amazon Web Services. AWS provides robust, physical data center security and environmental controls. No customer data is ever saved to permanent storage anywhere else, including by our internal engineering team.
Network Security
BabbleConnect controls access to our production networks through the use of strictly defined rules and requires multi-factor authentication and encrypted connections. We also utilize intrusion detection systems in our production network and advanced email filtering in our corporate network to identify potential security threats.
Application Security
BabbleConnect employs both internal and external testing of our product. We regularly scan source code and systems for vulnerabilities and perform necessary patching and updates based on those results.
Training and Awareness
BabbleConnect requires all employees and contractors to sign a confidentiality agreement prior to commencement. During the onboarding process, security awareness training is delivered to all new hires and we continually publicize security alerts through our internal communication channels.
Backup and Disaster Recovery
BabbleConnect utilizes geographically separate environments to ensure data availability and uptime. In the unlikely event of simultaneous failure of both environments, BabbleConnect maintains daily backups, meaning that the Recovery Point Objective (RPO) is no greater than 24 hours.
Data Protection
BabbleConnect encrypts data in transit and at rest on our servers utilizing recognized encryption protocols. At end-of-life, AWS destroys disks per NIST 800-88 standards.
BabbleConnect and the EU General Data Protection Regulation (GDPR)
BabbleConnect is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.
To learn more about our GDPR compliance, please read ourĀ GDPR Policy.