Trust Center

Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Ask for more information
  • Reclaim access anytime
Had access before? Reclaim access

Overview

SafeBase helps B2B SaaS companies close enterprise deals faster by streamlining the security assessment process. We take security seriously and have a dedicated internal security team. Our security team's controls and policies are detailed on this Trust Center. Email us at security@safebase.io if you have any additional questions not answered by this Portal.

Compliance

CCPA Logo
CCPA
CSA STAR Logo
CSA STAR
GDPR Logo
GDPR
SOC 2 Logo
SOC 2
Get access to this Trust Center
  • Review sensitive security details
  • Unlock documents
  • Ask for more information
  • Reclaim access anytime
Had access before? Reclaim access

SafeBase is Trusted By

LinkedInLinkedIn
JamfJamf
SnykSnyk
CrossbeamCrossbeam
RampRamp
PostmanPostman
ClickUpClickUp
Abnormal SecurityAbnormal Security
FullStoryFullStory
SplitSplit
MindbodyMindbody
InstacartInstacart
Pentest Report
SOC 2
CAIQ
SIG Core
VSA Full
Network/Data Flow Diagram
CSA STAR
CAIQ Lite
SIG
SIG Lite
VSA Core
Cyber Insurance
Data Processing Agreement
Subprocessors
Data Privacy Impact Assessment
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
BYOD Policy
Data Classification Policy
Data Security Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Other Policies
Physical Security
Risk Management Policy
Software Development Lifecycle
Vulnerability Management Policy

Risk Profile

Data Access LevelInternal
Impact LevelModerate
Recovery Time Objective< 24 Hours
See more

Product Security

Role-Based Access Control
Audit Logging
Integrations
See more

Reports

Network/Data Flow Diagram
Pentest Report
Security Whitepaper

Self-Assessments

CAIQ
CAIQ Lite
SIG
See more

Data Security

Access Monitoring
Backups Enabled
Data Erasure
See more

App Security

Responsible Disclosure
Software Development Lifecycle
Credential Management
See more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
See more

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR
See more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

DNSSEC
Firewall
IDS/IPS
See more

Corporate Security

Employee Training
HR Security
Incident Response
See more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
See more

Security Grades

SecurityScorecard
safebase.io
ImmuniWeb
app.safebase.io
A
Qualys SSL Labs
Main API Endpoint
A+
Landing Page
A
See more

Knowledge Base

  • Does your organization have a Data Classification Policy?
  • Does your organization have an Internal and External Communication Policy?
  • Does your organization have a BYOD Policy?
  • Does your organization have a Business Continuity Policy?
  • Does your organization have a Backup Policy?
See more

Trust Center Updates

Q4 2022 Questionnaires and Network Diagram Update

Compliance

The SafeBase team has uploaded refreshed versions of our CAIQ/SIG/VSA questionnaires, as well as our network diagram, with updated information that is accurate as of December 28, 2022. These documents are now available to download.

Published at N/A

SafeBase's Response to the 2022 OpenSSL 3 Vulnerabilities

Incidents

After careful review of our infrastructure and SBOM, the SafeBase team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.

As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md

Published at N/A

2022 Pentest Report Now Available

Compliance

SafeBase engaged NCC Group for a comprehensive web application security pentest for our web application and customer facing API. An executive summary is now available on our Trust Center.

Published at N/A

SafeBase SOC 2 Type 2 Report Available for Download

Compliance

SafeBase's SOC 2 Type 2 report for the 12 month monitoring period ending in May 2022 is now available to request and download from our Trust Center.

Published at N/A

New Subprocessor Added: Flatfile

Subprocessors

This is a notification that we have added a new Subprocessor:

Name: Flatfile

Location: United States

Website: https://flatfile.com/

Purpose: We have updated our Knowledge Base to use an updated version of Flatfile's data importer with additional features. This version requires server side processing. The previous version of Flatfile ran client side only. Note that this will only affect customers who import files into the SafeBase Knowledge Base. If you do not currently use this feature, this will not affect your usage of the SafeBase platform at this time.

DPA signed: Yes

Published at N/A

SafeBase update on Okta

Incidents

While the SafeBase product allows customers to authenticate using Okta, we ourselves do not use Okta internally. As a result, at this point in time, we do not have any reason to believe we were affected. Please reach out to us at security@safebase.io if you have any further questions or concerns.

Kevin Qiu

Director of Information Security

SafeBase

Published at N/A

Notable Customers Added to SafeBase's Security Portal

General

As a part of a recent release, we have updated our Security Portal with a list of notable customers who are using SafeBase's Smart Trust Center to proactively build trust and improve sales cycles.

All SafeBase vendors now have the ability to add their own trusted customers to their Security Portal to help instill additional confidence with prospective buyers.

Reach out to support@safebase.io with any questions!

Published at N/A

Security Update - Log4j

Incidents

As you may have seen in the news over the weekend, a recent major security vulnerability was discovered with the popular logging utility Log4j.

After reviewing our logs, communicating with our vendors, and reading all the information that is publicly available as of Tuesday, December 28, 2021, we have no reason to believe that any SafeBase internal or customer data has been affected at this point in time. Should this change, we will communicate this to you as soon as we are able to.

As it stands, none of our code is written in Java, nor do we use any Apache tools throughout our entire tech stack.

As an additional reminder, our Subscribe feature is available as a means to send updates such as these to customers. You can Subscribe to SafeBase updates yourself at the top of this Security Portal. In the near future, we will be releasing a new feature in which you will be able to post a public notice about high impact breaches such as this one.

Please feel free to reach out to us at security@safebase.io if you have any questions or concerns.

Published at N/A

If you need help using this portal, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.