Skip to content
Sign In
Get a Demo
arrow-pattern-bg

Security

Security & Reliability Details

Customer trust, reliability, and data security are critical to everything we do at DebtBook.

Product Security

Password and Credential Storage

DebtBook enforces a password complexity standard for all users and stores credentials using hashing functions like bcrypt.

Single Sign-On (SSO)

Authenticate users using your own SAML-based identity provider without requiring them to enter additional login credentials. If you’re using password-based authentication, you can turn on 2-factor authentication (2FA).

2FA

In addition to password-based authentication, users can turn on 2-factor authentication (2FA) to add an additional layer of security to their account. Users can download and install an authenticator app (like Authy or Google Authenticator) on their phone or tablet capable of generating time-based one-time (TOTP) passcodes that can be manually entered after successfully provided a password.

This can be required for all members of an organization using a setting.

Permissions and Role-based Access Control

We enable permission levels within the app to be set for internal members of your organization as well as external guests that you may collaborate with. Permissions can be set to control access to certain parts of the application as well as the ability to read or write data.

Network and Application Security

Data Hosting

Our physical infrastructure is hosted and managed within Amazon Web Services (AWS) using their secure data centers. DebtBook leverages many of the platform’s built-in security, privacy, and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under ISO-27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley (SOX).

DebtBook utilizes the US-East-1 region currently and distributes resources across multiple AZs.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.

Encryption

DebtBook is served entirely over HTTPS. All data sent to or from DebtBook is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only (v1.2). This means we only use strong cipher suites and utilize HTTP Strict Transport Security (HSTS) to ensure browsers interact with DebtBook only over HTTPS. We also encrypt data at rest using the AES-256 encryption algorithm.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. We run a zero-trust corporate network so there are no corporate resources or additional privileges gained from being on DebtBook’s internal network. We utilize single sign-on, 2-factor authentication (2FA), and enforce strong password policies to ensure access to all cloud-related services is protected.

Incident Response

We have established an internal protocol for handling security events which includes escalation procedures, rapid mitigation, and documented post mortem. All employees are formally informed and presented with related policies.

Penetration Testing

DebtBook utilizes third-party security tools to scan for vulnerabilities on a regular basis. Twice yearly we engage third-party security experts to conduct detailed penetration tests on the DebtBook application and infrastructure. Our product development team immediately responds to any identified issues or potential vulnerabilities to ensure the quality and security of the application.

A letter of attestation is available upon request.

Vulnerability Scanning

DebtBook uses third party security tools to continuously scan for vulnerabilities and responds to actionable findings in a timely manner.

Vulnerability Disclosure Program

DebtBook encourages responsible disclosure of security vulnerabilities. For details on how to conduct responsible security research and report findings to DebtBook, please see our Vulnerability Disclosure Program information page.

Availability and Reliability

Uptime

We aim for an uptime of 99.9% or higher. You can check our stats around uptime and application response time by visiting https://status.debtbook.com.

Failover and business continuity

We’ve been building the DebtBook application infrastructure with continuity in mind. All of our infrastructure and data are spread across multiple AWS availability zones to ensure our application will continue to work should one of those data centers fail.

We treat infrastructure-as-code so we can easily deploy new infrastructure and application components easily in the event of a catastrophic failure. We’re planning for multi-region failover in the near future.

Data is backed up automatically daily using AWS services for restoration to a particular point-in-time.

Security and Compliance Programs

CERTIFICATIONS

SOC 1

DebtBook has established and implemented formal controls to protect client data and ensure the integrity of all outputs that may be used for financial reporting.

SOC 2

DebtBook has established and follows strict information security policies and controls which encompass the trust service categories related to security, availability, processing integrity, and confidentiality.

PEOPLE

Background checks

All DebtBook employees go through a thorough background check before hiring.

Training

We take a least-permission-required approach to the access and handling of data. While we retain a minimal amount of customer data and limit internal access on a need-to-know basis, all employees are required to review related security policies and are trained on proper data handling to ensure they uphold our strict commitment to the privacy and security of your data.

Confidentiality

All employees sign a confidentiality agreement before they start at DebtBook.

VULNERABILITY CONTROL

Mobile Device Management (MDM)

All of our employees’ machines and laptops are using mobile device management software to ensure each device follows our information security standards, including proper passwords and encryption.

Malicious software prevention

Our employees’ machines are defended by anti-virus and malware solutions.

Vulnerability management

We keep our systems up-to-date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies.

question-mark-icon

Security Questions?

If you have general questions about the security of the DebtBook platform, please email security@debtbook.com or contact your Customer Success Manager. If you believe you have have discovered a vulnerability in the DebtBook platform, please review our Vulnerability Disclosure Program guidelines and report your findings accordingly.

Vulnerability Disclosure Program
CTA Illustration Grouped (1) (1) (1)

Get a Firsthand Look at DebtBook

Ready to see what DebtBook can do for you? Let’s set up a personal 30-minute demo. We’ll walk you through every aspect of DebtBook, so you can see how we’re changing the game for organizations like yours.

Start changing the way you work. Schedule a demo today!

Schedule a Demo