Success is built on trust
And trust starts with information. On this page, you can read about HeroBase’s security measures and how we ensure that we are in GDPR Compliance.
We guarantee that your data is in safe hands with us!
Is HeroBase GDPR compliant?
Yes, HeroBase is GDPR and ISO27001 compliant. In September 2018, we obtained our first spotless ISAE 3402 statement. We were also proud receivers of an ISAE 3000 – with an equally “clean” conclusion in December 2018.
We have renewed our ISAE 3000 and ISAE 3402 for our Outbound and Flows solutions in November 2019. You can read the full reports below.
2019 REPORTS
Hero Outbound ISAE 3000 report here
Hero Outbound ISAE 3402-II report here
Hero Flows ISAE 3000 report here
Hero Flows ISAE 3402-II report here
In addition, HeroBase management has issued a comment on ISAE 3000 Control Point 8.8; Cryptography. You can read the full statement here.
2018 REPORTS
Hero Outbound 2018 ISAE 3402 report here
Hero Outbound 2018 ISAE 3000 report here
GDPR Compliance
Data Hosting
Physical servers are hosted in our physical data centers in Denmark, and we are working on establishing second and third failover sites for our web application, which would be the AWS data centers in Frankfurt, Germany, and Dublin, Ireland.
Production data is hosted in EU-based data centers only, and no data ever leaves the European Union.
The overall architecture and security setup is illustrated in right side off the screen (Click this link to see full size)
Security Precautions
Include, but are not limited to:
- All data protected behind multiple firewalls
- Databases not available via the public internet, only via VPN
- All data transfer takes place over HTTPS only
- Fail2ban is in place in front of publicly exposed services
- All network traffic is monitored, logged and analyzed in real-time, alerting relevant personnel if abnormal patterns are detected
- Users authenticate using instance name, username and password
- IP restrictions can be applied, meaning that logins will only be authenticated when they originate from a list of IP addresses specified by you
- Multi-Factor Authentication can be applied to all HeroBase users
How can HeroBase assist in your GDPR compliance efforts?
HeroBase compliance features include:
- Easily specifying an interval for auto-deletion of your data stored in our platform
- Leads can be black-listed to avoid future contact
- Logs of all interactions with businesses or private individuals are easily searchable and accessible from the frontend
- All actions within our platform – including data exports – are logged.