Security Policies & Procedures

Databook offers financial analysis of the largest companies in the world. Users leverage the Databook platform by linking their CRM accounts to improve the user experience, allowing for quick imports of accounts and ongoing updates without having to login again. Users might also pay for their subscriptions online using their credit cards.

Databook takes security procedures very seriously and is committed to creating the most robust and secure platform for its users.

Payment Processing

Databook’s payment processing is handled by Chargebee, a PCI-DSS Level 1 Service Provider. Payment details are securely stored on Stripe, which has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. No payment data is ever stored on Databook’s databases and the actual credit card information is tokenized through Stripe, never passing through our web servers.

Vulnerability Scanning & Patching

We periodically check and apply patches for third party services and software dependencies. Found vulnerabilities are patched instantly. Dependencies that cannot be patched are replaced with newer versions or different packages. Security is a big concern when selecting third party services or software.

Web and Mobile Application Security

Databook applications follow the latest security standards, including protection for OWASP Top 10 among many other types of attacks.

Cloud

Databook’s physical infrastructure is managed by Heroku and hosted within Amazon’s secure data centers (AWS). AWS continually undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

Network Security

Several procedures have been setup at the network level including the following:

Data Storage & Redundancy

Data is stored in redundant locations and is continuously backed up to prevent any data loss. Database servers can only be accesses through encrypted channels and all operations are logged.

If you have any questions regarding our security policies and procedures, please contact us via email at [email protected]