On this page, you will find a summary of Dynaboard's security controls and the steps taken to make sure your apps are safe and secure.
Last Updated: October 18, 2022
System and Organization Control 2 (SOC 2) is a report on the controls at a service organization that covers security, availability, processing integrity, confidentiality, and privacy. Dynaboard has undergone a SOC 2 Type 1 audit.
Users can authenticate into Dynaboard’s collaborative editor using either SSO or an OTP (one-time PIN) that verifies they have access to the provided email.
User created applications hosted on Dynaboard also support authorization using SSO from various providers (a complete list can be found in the application) or OTP.
Dynaboard is deployed using a multi-tenant architecture at both the platform and infrastructure layers. Access to customer provided data is segregated based on unique IDs for each user, workspace, or application.
Backups of critical systems, records, and configurations are performed frequently so that they can be used for the purpose of data recovery in the event of a disaster or media failure.
The restoration of backups are periodically tested to verify the reliability of restoring customer data in the event of a disaster or failure.
Dynaboard collects & monitors audit logs and alerts on key events stemming from production systems, applications, databases, servers, message queues, load balancers, and critical services, as well as IAM user and admin activities. Dynaboard implements SIEM based filters, parameters, and alarms to trigger alerts on logging events that deviate from established system and activity baselines.
Dynaboard schedules third party security assessments and penetration tests at least annually.
Dynaboard uses a proactive vulnerability and patch management process that prioritizes and implements patches based on potential impact classification.
Dynaboard retains customer data for as long as an account is active or in accordance with the agreement(s) between Dynaboard and the customer, unless Dynaboard is required by law to dispose of it earlier or keep it longer.
Dynaboard disposes of customer data within 30 days of a request by a current or former customer or in accordance with the Customer’s agreement(s) with Dynaboard. Dynaboard may retain and use data necessary for the contract such as proof of contract in order to comply with its legal obligations, resolve disputes, and enforce agreements.
Dynaboard hosting and service providers are responsible for (i) removing data from disks allocated for Dynaboard’s use before they are repurposed and (ii) destroying decommissioned hardware.
- In Transit: Dynaboard uses strong cryptography and security protocols (e.g. TLS 1.1+ or an equivalent protocol with a default of TLS 1.3) to safeguard sensitive data during transmission over open, public networks.
- At Rest: 256 bit and 128 bit Advanced Encryption Standard (AES-256 and AES-128) is used to encrypt data while at rest in Dynaboard systems.
Dynaboard uses infrastructure and content delivery network services provided by Google Cloud Platform (‘GCP’), Vercel, and Cloudflare to host or process Customer Data submitted to Dynaboard. Information on the security practices of GCP, Vercel, and Cloudflare can be found on their respective websites.
All Dynaboard employees are required to complete a background check.
Prior to accessing sensitive information, employees are required to sign an industry-standard confidentiality agreement protecting Dynaboard confidential information.
Dynaboard has a security awareness training program in place to promote the understanding of security policies and procedures. All employees are required to undergo training following initial employment and annually thereafter.
We take security seriously at Dynaboard. If you discover a vulnerability or would like to get in get in touch with us for any security-related reason, please email us at firstname.lastname@example.org.
During a security event or outage we will attempt to communicate with customers via three methods based on the severity of the issue: 1) our status page 2) the Dynaboard twitter account 3) via email sent to the owner of any affected project.