Customer engagement is
built on Trust. We are too.

We’re committed to keeping your information safe

Base is committed to the security of our customers and their data. As a cloud-based company entrusted with some ofyour most valuable data – aka your customers’ data – we are focused on keeping you and your data safe. Base undergoes periodic penetration testing, and encrypts data at rest and in-transit. Our customers entrust sensitive data to our care. Keeping customer data safe is our priority.

Security-ans-Privacy

We’re SOC 2 Type 2 compliant

Our SOC 2 Type 2 report attests to the security controls we have in place as they map to Trust Service Principles established by the American Institute of Certified Public Accountants (AICPA). We introduced a multi-tenant spaces approach where each space is fully isolated across companies and teams.

This approach adheres to advanced access control measurements of who can share, watch or create content and with whom; within and outside your organization. We’re also GDPR & CCPA compliant. We’re also CCPA compliant and adhere to all GDPR requirements.

Untitled design (22)
Untitled design (23)
Untitled design (24)

Infrastructure & application that are secure and reliable

Base services and data are hosted in Amazon Web Services (AWS) facilities. We built our platform with disaster recovery and business continuity in mind. All of our infrastructure and data centers are spread across different AWS availability zones and will continue to work should any one of those data centers fail.

On an application level, we produce audit logs for all activity and use AWS for archival purposes. All actions taken on production consoles or in the Base application are logged. Access to customer data is limited to authorized employees who require it for their job. Base is served 100% over https. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on AWS and Base to ensure access to cloud services is protected.

Layer_1

Encryption

All data sent to or from Base is encrypted in transit using 256 bit encryption. We encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Layer_1-1

Pentests and Vulnerability Scanning

Base uses third-party security tools to continuously scan for vulnerabilities.

Our dedicated security team responds to issues raised.

Annually we engage third-party security experts to perform detailed penetration tests on the Base application and infrastructure.

Layer_1-2

Incident Response

Base implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

A Secure Platform

sso

SAML Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.

Uptime

We have an uptime of 99.9% or higher. You can check our past month stats here.

Permissions

We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, user data or the ability to send or edit messages.

PCI Obligations

All payments made to Base go through XXXXXX Details about their security setup and PCI compliance can be found at XXXX’s security page.

A Team with Security at Heart

Training

All employees complete an Information Security & Privacy awareness training annually. Base maintains an auditable log of all employee training.

Employee Vetting

All employees complete an Information Security & Privacy awareness training annually. Base maintains an auditable log of all employee training.

Policies

Base has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees. Base maintains a published information security program containing documented policies, controls and implementation guidance that are reviewed periodically.

Confidentiality

All employee contracts include a confidentiality agreement. Key data and information can be accessed only by those authorized to do so.
  ISO 27001

ISO 27001 Information Security Certification

Base received the International Organization for Standardization Certification for Information Security (ISO 27001:2013).

The audit evaluated Base information security management system from product, infrastructure and organizational aspects, and verified that Base has the necessary information security controls in place to ensure the confidentiality, integrity and availability of sensitive information assets.

  ISO-27018-Certified

ISO 27018 Personal data Protection (PII)

ISO 27018 is a standard that focuses on protection of personal data in the cloud. It is based on ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud personally identifiable information (PII).

It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO 27002 control set. Alignment demonstrates to customers that Base has a system of controls in place that specifically addresses the privacy protection of their content. Base’s alignment (as verified by a third-party assessment) with this internationally recognized code of practice demonstrates Base’s commitment to the privacy and protection of customers’ content. By following the standards of ISO/IEC 27001 and the code of practice embodied in ISO/IEC 27018:2014, Base demonstrates that its privacy policies and procedures are robust and in line with its high codes of practice, namely: Base customers can know where their data is stored. Customer data won’t be used for marketing or advertising without explicit consent. Base customers know what’s happening with their PII. Base will comply only with legally binding requests for disclosure of customer data.

  ISO-27017-Certified

ISO 27017 Cloud Specific Controls

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards.

ISO 27017 provides guidance on the information security aspects of cloud computing, recommending the implementation of cloud-specific information security controls that supplement the guidance of the ISO 27002 and ISO 27001 standards.

  1-star logo-91

Security Trust Assurance and Risk

Based on our assessment within the Cloud Controls Matrix, we are listed on the Security Trust Assurance and Risk (STAR) registry, which encompasses key principles of transparency, rigorous auditing, and cloud security best practices. You can see the Base listing here.