fbpx
106-9R2-darkblue-01

Success is built on trust

And trust starts with information. On this page, you can read about HeroBase’s security measures and how we ensure that we are in GDPR Compliance.

We guarantee that your data is in safe hands with us!

GDPR Compliance

106-9R2-darkblue-01
isae-verified-stamps

Is HeroBase GDPR compliant?

Yes, HeroBase is GDPR and ISO27001 compliant.
 
As part of our Information Security Management System, our solutions and all aspects related to the delivery of them – from all technical and organizational measures to the entire value chain – are reviewed annually by external, independent IT auditors based on the ISAE 3402 and ISAE 3000 audit standards. You can read the full reports below.
 
2020 REPORTS
Hero Outbound ISAE 3000 report here
Hero Outbound ISAE 3402-II report here
Hero Flows ISAE 3000 report here
Hero Flows ISAE 3402-II report here
 
2019 REPORTS
Hero Outbound ISAE 3000 report here
Hero Outbound ISAE 3402-II report here
Hero Flows ISAE 3000 report here
Hero Flows ISAE 3402-II report here
 
2018 REPORTS
Hero Outbound 2018 ISAE 3402 report here
Hero Outbound 2018 ISAE 3000 report here

GDPR Compliance

Hero Infrastructure

Data Hosting

Our services are co-located across Danish data centers and AWS in Dublin and Frankfurt.

Physical servers are hosted in our racks in data centers in Denmark, and virtual servers are hosted in the AWS data centers in Frankfurt, Germany, and Dublin, Ireland.

Production data is hosted in EU-based data centers only, and no data ever leaves the European Union.

The overall architecture and security setup is illustrated in right side off the screen (Click this link to see full size)

GDPR Compliance

Hero Infrastructure

Security Precautions

Include, but are not limited to:
  • All data protected behind multiple firewalls
  • Databases not available via the public internet, only via VPN
  • All data transfer takes place over HTTPS only
  • Fail2ban is in place in front of publicly exposed services
  • All network traffic is monitored, logged and analyzed in real-time, alerting relevant personnel if abnormal patterns are detected
  • Users authenticate using instance name, username and password
  • IP restrictions can be applied, meaning that logins will only be authenticated when they originate from a list of IP addresses specified by you
  • Multi-Factor Authentication can be applied to all HeroBase users

How can HeroBase assist in your GDPR compliance efforts?

HeroBase compliance features include:
  • Easily specifying an interval for auto-deletion of your data stored in our platform
  • Leads can be black-listed to avoid future contact
  • Logs of all interactions with businesses or private individuals are easily searchable and accessible from the frontend
  • All actions within our platform – including data exports – are logged.