Trust Center


Overview

SafeBase helps B2B SaaS companies close enterprise deals faster by streamlining the security assessment process. We take security seriously and have a dedicated internal security team. Our security team's controls and policies are detailed in this Trust Center. If you have any additional questions or concerns, please email us at security@safebase.io.

Compliance

CCPA
CSA STAR
GDPR
SOC 2

SafeBase is Trusted By

Asana
Jamf
Palantir Technologies
Crossbeam
Ramp
Postman
ClickUp
Abnormal Security
FullStory
Split
Mindbody
Instacart

Pentest Report
SOC 2
CAIQ
SIG Core
VSA Full
Network/Data Flow Diagram
CSA STAR
CAIQ Lite
MVSP
SIG
SIG Lite
VSA Core
VSAQ
Data Processing Agreement
Liability Insurance
Subprocessors
Data Privacy Impact Assessment
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Data Security Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Other Policies
Physical Security
Risk Management Policy
Software Development Lifecycle
Vulnerability Management Policy
SafeBase W-9

Risk Profile

Data Access Level: Internal
Impact Level: Moderate
Recovery Time Objective: 24 hours

Product Security

Audit Logging
Integrations
Multi-Factor Authentication

Reports

Network/Data Flow Diagram
Pentest Report
Security Whitepaper

Self-Assessments

CAIQ
CAIQ Lite
MVSP

Infrastructure

Anti-DDoS
BC/DR

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Credential Management
Secure Development Training

Data Privacy

Cookies
Data Breach Notifications
Data Into System

Access Control

Data Access
Logging
Password Security

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

DNSSEC
Firewall
IDS

Corporate Security

Employee Training
HR Security
Incident Response

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy

Security Grades

ImmuniWeb
  • app.safebase.io: A

Qualys SSL Labs
  • Main API Endpoint: A+
  • Landing Page: A

Security Headers
  • app.safebase.io: A

Knowledge Base

  • Description of service/product being provided.
  • List data types needed to provide services.
  • Does your organization have a Data Classification Policy?
  • Does your organization have an Internal and External Communication Policy?
  • Does your organization have a BYOD Policy?

Trust Center Updates

SafeBase not affected by the XZ Utils backdoor vulnerability

Vulnerabilities

SafeBase is not affected by the XZ Utils backdoor vulnerability.

Our security team has reviewed all OS versions deployed in our environment and confirmed that none of the impacted operating systems or versions are utilized.

For more details on this vulnerability, please visit https://nvd.nist.gov/vuln/detail/CVE-2024-3094 and https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils.


SafeBase Response to Okta October Customer Support Security Incident

Subprocessors

SafeBase is aware of the recent update that Okta provided customers regarding data leakage with the Customer Support Management System. Based on the information known to us at this time, we have deemed the impact to be minimal for SafeBase and our customers. We had already enabled Admin Session Binding, one of the recommended features suggested by Okta in their notice, as soon as it was made available in our Okta instance. In addition, we use strong, hardware-based MFA, strict session timeouts, and have regular phishing training for all employees.


SafeBase not affected by HTTP/2 Rapid Reset Attack

Vulnerabilities

Our security team has been made aware of the new HTTP/2 Rapid Reset Attack that could potentially cause a denial of service for web servers. Due to proactive mitigations by both Google Cloud and Cloudflare, none of our infrastructure has been affected to our knowledge. In addition, we confirmed that our underlying NGINX servers do not have the HTTP/2 module enabled.

For more details on this vulnerability, please visit https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack.


SafeBase Acknowledgement of Retool Security Incident

Incidents

As a precaution, the security team made the decision to rotate the connection credentials used by our Retool instance despite the Retool team confirming that our instance was not affected. We are confident that with this added step, there should have been no material impact to any SafeBase data from the Retool security incident.


Hi,

As you may be aware, one of our subprocessors, Retool, recently disclosed a security incident that affected a very small number of customers: https://retool.com/blog/mfa-isnt-mfa/. To our knowledge, no SafeBase data was affected. The Retool team has confirmed that our Retool instance was not affected by this incident. We will continue to monitor this situation and will provide updates if we have any going forward.

The SafeBase Security Team


SafeBase 2023 Pen Test Report Now Available

General

SafeBase engaged Rhymetec to conduct an external-facing pen test in August 2023. No Medium or higher findings were identified. You can access our new report and attestation through our Trust Center.


New SOC 2 Type 2 Report Available for Download

Compliance

We here at SafeBase have just completed our latest audit for SOC 2 compliance!

This new SOC 2 Type 2 report is for the 12-month monitoring period ending in May 2023. We are proud to say that no exceptions were found.

Documentation is now available in our Trust Center.


SafeBase Not Impacted by MOVEit Vulnerabilities

Incidents

Recently, the security team here at SafeBase became aware of the news surrounding a high-impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers to know that SafeBase is not impacted by this vulnerability.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.


MVSP and VSAQ Self-Assessments Now Available

Compliance

The SafeBase Security Team is happy to announce that we have 2 new Self-Assessment documents available to review:

  • MVSP: Minimum Viable Secure Product baseline standard created by folks from leading companies such as Google, Okta, and SafeBase.
  • VSAQ: Vendor Security Assessment Questionnaires from the team at Google.

Both of these can be found in our Trust Center under the Self-Assessments card.


SafeBase Not Impacted by News about SVB

Incidents

While we are carefully monitoring the situation involving California banking regulators closing SVB Financial Group and appointment of the FDIC as receiver on March 10, SafeBase does not have any deposits or other relationship with SVB and we have no reason to believe our financial position will be impacted by this news.

-Al Yang, CEO SafeBase


Q4 2022 Questionnaires and Network Diagram Update

Compliance

The SafeBase team has uploaded refreshed versions of our CAIQ/SIG/VSA questionnaires, as well as our network diagram, with updated information that is accurate as of December 28, 2022. These documents are now available to download.


SafeBase's Response to the 2022 OpenSSL 3 Vulnerabilities

Incidents

After careful review of our infrastructure and SBOM, the SafeBase team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md


2022 Pentest Report Now Available

Compliance

SafeBase engaged NCC Group for a comprehensive web application security pentest for our web application and customer-facing API. An executive summary is now available on our Trust Center.


SafeBase SOC 2 Type 2 Report Available for Download

Compliance

SafeBase's SOC 2 Type 2 report for the 12-month monitoring period ending in May 2022 is now available to request and download from our Trust Center.


New Subprocessor Added: Flatfile

Subprocessors

This is a notification that we have added a new Subprocessor:

Name: Flatfile

Location: United States

Website: https://flatfile.com/

Purpose: We have updated our Knowledge Base to use an updated version of Flatfile's data importer with additional features. This version requires server-side processing. The previous version of Flatfile ran client-side only. Note that this will only affect customers who import files into the SafeBase Knowledge Base. If you do not currently use this feature, this will not affect your usage of the SafeBase platform at this time.

DPA signed: Yes


SafeBase update on Okta

Incidents

While the SafeBase product allows customers to authenticate using Okta, we ourselves do not use Okta internally. As a result, at this point in time, we do not have any reason to believe we were affected. Please reach out to us at security@safebase.io if you have any further questions or concerns.

Kevin Qiu

Director of Information Security

SafeBase


Notable Customers Added to SafeBase's Security Portal

General

As a part of a recent release, we have updated our Security Portal with a list of notable customers who are using SafeBase's Smart Trust Center to proactively build trust and improve sales cycles.

All SafeBase vendors now have the ability to add their own trusted customers to their Security Portal to help instill additional confidence with prospective buyers.

Reach out to support@safebase.io with any questions!


Security Update - Log4j

Incidents

As you may have seen in the news over the weekend, a recent major security vulnerability was discovered with the popular logging utility Log4j.

After reviewing our logs, communicating with our vendors, and reading all the information that is publicly available as of Tuesday, December 28, 2021, we have no reason to believe that any SafeBase internal or customer data has been affected at this point in time. Should this change, we will communicate this to you as soon as we are able to.

As it stands, none of our code is written in Java, nor do we use any Apache tools throughout our entire tech stack.

As an additional reminder, our Subscribe feature is available as a means to send updates such as these to customers. You can Subscribe to SafeBase updates yourself at the top of this Security Portal. In the near future, we will be releasing a new feature in which you will be able to post a public notice about high-impact breaches such as this one.

Please feel free to reach out to us at security@safebase.io if you have any questions or concerns.


If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.