Overview
SafeBase helps B2B SaaS companies close enterprise deals faster by streamlining the security assessment process. We take security seriously and have a dedicated internal security team. Our security team's controls and policies are detailed on this Trust Center. Email us at security@safebase.io if you have any additional questions not answered by this Portal.
Knowledge Base
- Does your organization have a Data Classification Policy?
- Does your organization have an Internal and External Communication Policy?
- Does your organization have a BYOD Policy?
- Does your organization have a Business Continuity Policy?
- Does your organization have a Backup Policy?
Trust Center Updates
The SafeBase Security Team is happy to announce that we have 2 new Self-Assessment documents available to review:
- MVSP: Minimum Viable Secure Product baseline standard created by folks from leading companies such as Google, Okta, and SafeBase.
- VSAQ: Vendor Security Assessment Questionnaires from the team at Google.
Both of these can be found in our Trust Center under the Self-Assessments card.
While we are carefully monitoring the situation involving California banking regulators closing SVB Financial Group and the appointment of the FDIC as receiver on March 10, SafeBase does not have any deposits or other relationship with SVB and we have no reason to believe our financial position will be impacted by this news.
-Al Yang, CEO SafeBase
The SafeBase team has uploaded refreshed versions of our CAIQ/SIG/VSA questionnaires, as well as our network diagram, with updated information that is accurate as of December 28, 2022. These documents are now available to download.
After careful review of our infrastructure and SBOM, the SafeBase team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.
As a helpful resource, you can use this page to determine if certain widely used software in your environment is affected or unaffected: https://github.com/NCSC-NL/OpenSSL-2022/blob/main/software/README.md
SafeBase engaged NCC Group for a comprehensive web application security pentest of our web application and customer-facing API. An executive summary is now available on our Trust Center.
SafeBase's SOC 2 Type 2 report for the 12-month monitoring period ending in May 2022 is now available to request and download from our Trust Center.
This is a notification that we have added a new Subprocessor:
Name: Flatfile
Location: United States
Website: https://flatfile.com/
Purpose: We have updated our Knowledge Base to use an updated version of Flatfile's data importer with additional features. This version requires server-side processing. The previous version of Flatfile ran client-side only. Note that this will only affect customers who import files into the SafeBase Knowledge Base. If you do not currently use this feature, this will not affect your usage of the SafeBase platform at this time.
DPA signed: Yes
While the SafeBase product allows customers to authenticate using Okta, we ourselves do not use Okta internally. As a result, at this point in time, we do not have any reason to believe we were affected. Please reach out to us at security@safebase.io if you have any further questions or concerns.
Kevin Qiu
Director of Information Security
SafeBase
As a part of a recent release, we have updated our Security Portal with a list of notable customers who are using SafeBase's Smart Trust Center to proactively build trust and improve sales cycles.
All SafeBase vendors now have the ability to add their own trusted customers to their Security Portal to help instill additional confidence with prospective buyers.
Reach out to support@safebase.io with any questions!
As you may have seen in the news over the weekend, a recent major security vulnerability was discovered with the popular logging utility Log4j.
After reviewing our logs, communicating with our vendors, and reading all the information that is publicly available as of Tuesday, December 28, 2021, we have no reason to believe that any SafeBase internal or customer data has been affected at this point in time. Should this change, we will communicate this to you as soon as we are able to.
As it stands, none of our code is written in Java, nor do we use any Apache tools throughout our entire tech stack.
As an additional reminder, our Subscribe feature is available as a means to send updates such as these to customers. You can Subscribe to SafeBase updates yourself at the top of this Security Portal. In the near future, we will be releasing a new feature in which you will be able to post a public notice about high-impact breaches such as this one.
Please feel free to reach out to us at security@safebase.io if you have any questions or concerns.
If you need help using this portal, please contact our Cybersecurity Risk team.
If you think you may have discovered a vulnerability, please send us a note.