Everything you need to know about security at Buzzle

SOC 2 Compliance and Certifications

Buzzle is in the process of preparing for a Service Organization Controls audit (SOC 2) with the help of a security vendor.

Privacy Policy

We understand the importance of protecting your information and we take our privacy obligations seriously. We are in compliance with all applicable privacy laws and regulations. Our Privacy Policy contains more detailed information about our privacy practices.

Application Security

Buzzle runs package dependency security scans daily as well as container vulnerability scans on a weekly basis.

As part of our software development process, we follow best practices surrounding code deployment and change order management. All code and configuration changes are required to undergo a thorough review. Changes must be deployed and validated in testing environments before deployment to production. We strive to develop code that follows OWASP (Open Web Application Security Project) best practices.

Network and System Security

Encryption is used to protect data within Buzzle systems. Data in transit utilizes 256-bit TLS encryption. Data at rest, including backups, is encrypted using Advanced Encryption Standard (AES-256).

Buzzle uses Amazon Web Services (AWS) as our cloud provider for hosting infrastructure. More information about physical security of AWS data centers can be found here.

Security updates and patches are regularly installed to keep servers up to date. Restrictive firewalls and role-based policies are used to protect Buzzle infrastructure.

Reliability and Durability

Buzzle implements extensive service monitoring and 24x7 support to ensure reliability. Geo-redundant database backups and multi-region managed services are utilized to ensure data durability. Buzzle also maintains business continuity and disaster recovery plans in case of an emergency.

Organizational Security

All employees undergo a background check by a third-party provider in accordance with local law. Security training is required annually for all employees, covering topics such as data privacy, information security, and password security.

Buzzle follows the practice of “least privilege”, meaning employees only have access to the systems that are necessary to perform their job. Quarterly access reviews are conducted for each employee.

Employee computers are required to have the following configuration: full-disk encryption, strong passwords, automatic locking and enforced OS updates.

Buzzle maintains separate environments for development, staging and production.

Product Security

Customer data is hosted in a multi-tenant environment. Role-based access control is used to segregate data by customer, ensuring that customer data cannot be exposed to unauthorized users from other organizations.

Don't see an answer to your question?

or, if you believe you have discovered a security-related issue, please contact us:

Copyright © 2022 q&ai Technologies, Inc. All rights reserved.