Enterprise-grade security and compliance

Your creative ideas and sensitive data are your key industry differentiators, and we work closely with your IT and legal departments to meet and exceed the exacting standards of your organization.

Giving you peace of mind to deploy at scale

Stormboard has been developed to meet and exceed the most recognized security standards and compliance requirements in the industry. This rigorous approach to security and compliance has been endorsed by leading global enterprise customers.

Security is at the core of everything we do

  • Strong Data Encryption

    All data transfer to and from our Cloud services is encrypted with Transport Layer Security (TLS). Stormboard's implementation of TLS uses strong ciphers and protocols by default.

    Data is encrypted at rest according to the level of your team's subscription. If you'd like to talk more about encryption or your company's data management requirements, we're here to help.

  • Security & Penetration Testing

    The Stormboard Team performs thorough internal quality assurance testing. We also annually (at minimum) contract certified security professionals to conduct an extensive security audit (penetration test and web application vulnerability tests) of Stormboard.

    If you find a vulnerability in one of our services, please report it to security@stormboard.com.

  • Hosted on AWS

    We use the industry's gold standard hosting provider, Amazon Web Services (AWS) to host all of Stormboard's services.

    You can read more about their security here.

  • Payment Processing

    Stormboard uses Stripe for all payment processing, which means that we never store any of your credit card data. You can learn more about their security policies and PCI compliance here.

  • Risk Management

    An integral part of the information security program, Stormboard conducts thorough and timely risk assessments. These assessments examine any potential threats and vulnerabilities to the confidentiality, integrity, and availability of Customer Data that is stored, transmitted, and/or processed for its Customers. We then develop strategies to efficiently and effectively mitigate the risks identified in the assessment process.

  • Two-Factor Authentication

    Also, known as 2FA, Two-Factor Authentication is available to all Stormboard users and is an extra step to the login that adds an extra layer of protection to your account. Without 2FA, you only enter your username and password. With 2FA, an extra step has you enter an authentication code from an authenticator app. Learn more here.

  • Operational Security

    Access to Stormboard’s systems, and your data, is restricted to only those who need access in order to provide you with the best support possible.

    Other security measures include:

    • Background checks for our employees

    • Signed confidentiality agreements

    • Termination/access removal processes

    • Acceptable use agreements

    Security is the responsibility of everyone who works at Stormboard, and it is taken seriously.

    We train all of our employees so that they can identify security risks, and are empowered to take action if necessary.

  • Data Residency

    Enterprise servers are kept up-to-date and secure, just like Stormboard’s shared servers are, and geographic hosting is available to help with regulatory and privacy concerns.

    We can host your Single Tenant Edition in your choice of regions: USA , Ireland, Germany, UK, France, Japan, Singapore, Australia or India.

Compliance

We make it a priority at Stormboard to meet your compliance obligations.

SOC 2 Certification Logo

SOC 2 Certification

Stormboard has been certified by an independent auditor and complies with the requirements of Service Organization Control (SOC) 2 Type II certification. The SOC 2 Report is a standard auditing report governed by the American Institute of Certified Public Accountants (AICPA). 

If you would like more information on this report please contact sales@stormboard.com.  

Reliability

Proven by some of the largest global companies as a trusted and durable application.

  • Continual Service Monitoring

    Stormboard is monitored not only for system availability but for data breaches and other anomolies. Stormboard staff are instantly notified of any suspicious activity.

    Check our status ➔

  • Data Retention & Backups

    Stormboard stores all customer data on fully redundant storage systems, and utilize a multi-tiered backup approach. Customer data is backed up offsite during a nightly full system backup.

  • Availability & Redundancy

    Every Stormboard service has been designed to be highly available using AWS Autoscaling Groups and Multi-AZ Deployments.

    Impaired services automatically failover to reduce downtime.

  • Quality

    Stormboard maintains and follows formal change management processes to ensure highly qualified, stable and well-performing code.

    All changes to the production environment are risk assessed, logged, approved, and implemented by a dedicated team.

  • Incident Management

    Any security related incidents such as data breaches, compliance issues, or any other complaint or concern should be reported immediately to support@stormboard.com.

    All incidents are tracked by operations management until resolved, and closed incidents are reviewed by operations personnel for appropriate resolution.

 Privacy

Protecting your privacy and intellectual property.

Your privacy is important to us, all data collected and stored follows GDPR compliance. View our Privacy Policy for a complete outline of how Stormboard manages and protects your privacy.

It is Stormboard’s policy to respect your privacy regarding any information we may collect from you in our online collaborative sticky note and whiteboard software.

Read the full Privacy Policy ➔

 Do you have a security related question?

We’re here to answer any questions you have about security at Stormboard.