Enterprise-grade security and compliance
Your creative ideas and sensitive data are your key industry differentiators, and we work closely with your IT and legal departments to meet and exceed the exacting standards of your organization.
Giving you peace of mind to deploy at scale
Stormboard has been developed to meet and exceed the most recognized security standards and compliance requirements in the industry. This rigorous approach to security and compliance has been endorsed by leading global enterprise customers.
Security is at the core of everything we do
-
Strong Data Encryption
All data transfer to and from our Cloud services is encrypted with Transport Layer Security (TLS). Stormboard's implementation of TLS uses strong ciphers and protocols by default.
Data is encrypted at rest according to the level of your team's subscription. If you'd like to talk more about encryption or your company's data management requirements, we're here to help.
-
Security & Penetration Testing
The Stormboard Team performs thorough internal quality assurance testing. We also annually (at minimum) contract certified security professionals to conduct an extensive security audit (penetration test and web application vulnerability tests) of Stormboard.
If you find a vulnerability in one of our services, please report it to security@stormboard.com.
-
Hosted on AWS
We use the industry's gold standard hosting provider, Amazon Web Services (AWS), to host all of Stormboard's services.
You can read more about their security here.
-
Payment Processing
Stormboard uses Stripe for all payment processing, which means that we never store any of your credit card data. You can learn more about their security policies and PCI compliance here.
-
Risk Management
As an integral part of its information security program, Stormboard conducts thorough and timely risk assessments. These assessments examine any potential threats and vulnerabilities to the confidentiality, integrity, and availability of Customer Data that is stored, transmitted, and/or processed for its Customers. We then develop strategies to efficiently and effectively mitigate the risks identified in the assessment process.
-
Two-Factor Authentication
Also known as 2FA, Two-Factor Authentication is available to all Stormboard users. It is an extra step at login that adds an extra layer of protection to your account. Without 2FA, you only enter your username and password. With 2FA, an extra step has you enter an authentication code from an authenticator app. Learn more here.
-
Operational Security
Access to Stormboard’s systems, and your data, is restricted to only those who need access in order to provide you with the best support possible.
Other security measures include:
Background checks for our employees
Signed confidentiality agreements
Termination/access removal processes
Acceptable use agreements
Security is the responsibility of everyone who works at Stormboard, and it is taken seriously.
We train all of our employees so that they can identify security risks, and are empowered to take action if necessary.
-
Data Residency
Enterprise servers are kept up-to-date and secure, just like Stormboard’s shared servers are, and geographic hosting is available to help with regulatory and privacy concerns.
We can host your Single Tenant Edition in your choice of regions: USA, Ireland, Germany, UK, France, Japan, Singapore, Australia or India.
Compliance
We make it a priority at Stormboard to meet your compliance obligations.
SOC 2 Certification
Stormboard has been certified by an independent auditor and complies with the requirements of Service Organization Control (SOC) 2 Type II certification. The SOC 2 Report is a standard auditing report governed by the American Institute of Certified Public Accountants (AICPA).
If you would like more information on this report, please contact sales@stormboard.com.
Reliability
Proven by some of the largest global companies as a trusted and durable application.
-
Continual Service Monitoring
Stormboard is monitored not only for system availability but also for data breaches and other anomalies. Stormboard staff are instantly notified of any suspicious activity.
-
Data Retention & Backups
Stormboard stores all customer data on fully redundant storage systems, and utilizes a multi-tiered backup approach. Customer data is backed up offsite during a nightly full system backup.
-
Availability & Redundancy
Every Stormboard service has been designed to be highly available using AWS Autoscaling Groups and Multi-AZ Deployments.
Impaired services automatically fail over to reduce downtime.
-
Quality
Stormboard maintains and follows formal change management processes to ensure highly qualified, stable and well-performing code.
All changes to the production environment are risk assessed, logged, approved, and implemented by a dedicated team.
-
Incident Management
Any security-related incidents such as data breaches, compliance issues, or any other complaint or concern should be reported immediately to support@stormboard.com.
All incidents are tracked by operations management until resolved, and closed incidents are reviewed by operations personnel for appropriate resolution.
Privacy
Protecting your privacy and intellectual property.
Your privacy is important to us, and all data collected and stored follows GDPR compliance. View our Privacy Policy for a complete outline of how Stormboard manages and protects your privacy.
It is Stormboard’s policy to respect your privacy regarding any information we may collect from you in our online collaborative sticky note and whiteboard software.