Success is built on trust

And trust starts with information. On this page, you can read about HeroBase’s security measures and how we ensure that we are in compliance.

We guarantee that your data is in safe hands with us!

ISAE 3000 and ISAE 3402

Is HeroBase GDPR compliant?

Yes, HeroBase is GDPR and ISO27001 compliant. In September 2018, we obtained a spotless ISAE 3402 statement. We were also proud receivers of an ISAE 3000 – with an equally “clean” conclusion in December 2018.
Read our ISAE 3402 report here
Read our ISAE 3000 report here
Hero Infrastructure

Data Hosting

Physical servers are hosted in our physical data centers in Denmark, and we are working on establishing second and third failover sites for our web application, which would be the AWS data centers in Frankfurt, Germany, and Dublin, Ireland.

Production data is hosted in EU-based data centers only, and no data ever leaves the European Union.

The overall architecture and security setup is illustrated in right side off the screen (Click this link to see full size)

Hero Infrastructure

Security Precautions

Include, but are not limited to:
  • All data protected behind multiple firewalls
  • Databases not available via the public internet, only via VPN
  • All data transfer takes place over HTTPS only
  • Fail2ban is in place in front of publicly exposed services
  • All network traffic is monitored, logged and analyzed in real-time, alerting relevant personnel if abnormal patterns are detected
  • Users authenticate using instance name, username and password
  • IP restrictions can be applied, meaning that logins will only be authenticated when they originate from a list of IP addresses specified by you
  • Multi-Factor Authentication can be applied to all Hero Outbound users

How can HeroBase assist in your GDPR compliance efforts?

Hero Outbound compliance features include:
  • Easily specifying an interval for auto-deletion of your data stored in our platform
  • Leads can be black-listed to avoid future contact
  • Logs of all interactions with businesses or private individuals are easily searchable and accessible from the frontend
  • All actions within our platform – including data exports – are logged.