PlaybookUX Security Center

Welcome to the security and privacy center! View all terms and policies here. If you have any questions, please contact us through our chatbot or email hello@playbookux.com.

Overview

Hosting (US & Europe)

We provide two hosting options for our clients. When signing on with PlaybookUX, you are given the choice between hosting data with

– Amazon Web Services in Virginia, United States https://aws.amazon.com/compliance/soc-faqs/

– Google Cloud Services in Frankfurt, Germany https://cloud.google.com/security/compliance/soc-2/

Both data centers are SOC 2 Type II certified and operate in a safe environment.

Security Program: OWASP

Our company bases its security program on OWASP. Our security program covers, but is not limited to, the following: information classification and protection, access control, software development, compliance with laws and regulations, security in Human Resources, acceptable use of information IT devices, authorized/unauthorized use and disclosure of data, incident management and response procedures for both security and privacy incidents, and retention and destruction of data. To request a copy of our internal security procedures document, please email hello@playbookux.com.

Data Protection Officer

We have a data protection officer who is a member of our staff and is accountable and responsible for managing information security. Please contact hello@playbookux.com for information on contacting our Data Protection Officer.

GDPR

We are fully GDPR compliant. Please read our privacy policy here for more information.

PCI DSS

Our organization is PCI DSS compliant. All payments route through Stripe, our payment processor.

Encryption

We only use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled. Our API and application endpoints are served over TLS/SSL. Our data in transit and data at rest are encrypted with secure algorithms. All SSL certificates are issued by Amazon Web Services.

– Data in transit: SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

– Data at rest: AES-256 encrypted

Virtual Private Cloud

All of our servers are contained within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.

Incident Response Plan

Our IT & security team works in rotating shifts (24 hours per day, 7 days per week) and has a thorough escalation policy.

Permissions & Authentication

Access to customer data is restricted to authorized employees who require it for their job role. PlaybookUX operates 100% over HTTPS. There are no corporate resources or additional privileges gained from being on PlaybookUX’s network.

We have 2-factor authentication (2FA) and strong password requirements for Google, AWS, GitHub and Google Cloud Services to ensure access to cloud services is protected.

Daily Monitoring, High Availability & Daily Backups

– We continuously monitor our servers to prevent interference and access from outside intruders. Our IT team regularly reviews the logs and notifies the team of any security concerns. Please request the latest scan results by emailing hello@playbookux.com.

– Our uptime is 99.999% YTD.

– We perform backups daily.

Permanent Deletion

Customers have the option to permanently delete their data from PlaybookUX. Data can be restored up to 30 days after deletion.

Data Request

We do not share your data with third parties. If requested, we can provide a copy of your data in a readable and usable format within 3 business days.

Data Privacy

Your data is yours. PlaybookUX does not sell or rent any customer information or information provided to us. For more information, please review our privacy policies: https://www.playbookux.com/privacy-policy-company/

Employee Training & Confidentiality

– All PlaybookUX employees, contractors and vendors have passed background checks.

– The aforementioned parties sign confidentiality clauses.

– Security procedures are updated frequently and distributed to all employees.

– All employees undergo annual Security & Awareness training.

Documents

Non Disclosure Agreement (NDA)

Our testers agree to keep your testing assets private.

Tester Privacy Policy

Read how we protect your privacy.

Tester Terms of Service

View our terms of service. By using our platform, you agree to abide by them.

Company (Client) Privacy Policy

Read how we protect your privacy.

Company (Client) Terms of Service

View our terms of service. By using our platform, you agree to abide by them.

Data Subprocessors

Learn how your data is processed and who we’ve signed data processing agreements with.

GDPR Privacy Policy

PlaybookUX is GDPR compliant.

Promo Code Terms

Read about our promo code conditions.
