This page provides information about how we secure and protect data
B6 Cloud uses a reliable physical infrastructure and runs on a secure network that's built around data security to ensure that your information remains private, secure and available. Our servers are hosted on Amazon Web Services platform. As of this date, AWS has certifications for compliance with ISO/IEC 27001:2013, 27017:2015 and 27018:2014, is certified as a PCI DSS 3.2 Level 1 Service Provider, and undergoes SOC 1, SOC 2 and SOC 3 audits (with semi-annual reports).
Global access rules allow admins to set permission levels for everyone in the organization, and project-level access controls allow permission levels to be set for application types.
B6 Cloud stores passwords using BCrypt with unique salts.
We ensure high availability with automated and manual testing, regular performance benchmarking, production logging and alerts, fast continuous deployments, and industry-standard cloud infrastructure.
Network and application security
Hosting and storage
B6 Cloud services and data are hosted in Amazon Web Services (AWS) facilities (us-east-1) in the US East (N. Virginia) within a virtual private network that cannot be accessed via the public internet, except via our public-facing proxy servers. All data is encrypted at rest via AWS RDS AES-256 Encryption.
Data is encrypted while moving between us and the browser with Transport Level Security (TLS). We score an ‘A+’ rating on Qualys SSL Labs‘ tests.
Backups & monitoring
We use AWS RDS’ backup solution for datastores that contain customer data. Data is automatically backed up every 10 minutes, and we keep daily backups for 14 days.
All payments made to us go through our payments provider, Stripe. Details about their security setup and PCI compliance can be found on Stripe’s security page.
Other security features
All employee and contractor agreements include a confidentiality clause.
We work with the following companies and tool systems to store, analyze, and transmit data for our users. They've been carefully vetted for best-in-class security practices.