Trust Center


SafeBase helps B2B SaaS companies close enterprise deals faster by streamlining the security assessment process. We take security seriously and have a dedicated internal security team. Our security team's controls and policies are detailed in this Trust Center. If you have any additional questions or concerns, please email us at security@safebase.io.

OpenAI
GitLab
T-Mobile
LinkedIn
Asana
G2

Documents

SOC 2
Risk Assessment/Management Policy
Trust Center Updates

New SOC 2 Type 2 Report Available for Download

Compliance

We have completed our latest SOC 2 Type 2 audit! The new report is available in our Trust Center.


SafeBase not affected by the XZ Utils backdoor vulnerability

Vulnerabilities

SafeBase is not affected by the XZ Utils backdoor vulnerability.

Our security team has reviewed all OS versions deployed in our environment and confirmed that none of the impacted operating systems or versions are utilized.

For more details on this vulnerability, please visit https://nvd.nist.gov/vuln/detail/CVE-2024-3094 and https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils.


SafeBase Response to Okta October Customer Support Security Incident

Subprocessors

SafeBase is aware of the recent update that Okta provided customers regarding data leakage with the Customer Support Management System. Based on the information known to us at this time, we have deemed the impact to be minimal for SafeBase and our customers. We had already enabled Admin Session Binding, one of the recommended features suggested by Okta in their notice, as soon as it was made available in our Okta instance. In addition, we use strong, hardware-based MFA, strict session timeouts, and have regular phishing training for all employees.


SafeBase not affected by HTTP/2 Rapid Reset Attack

Vulnerabilities

Our security team has been made aware of the new HTTP/2 Rapid Reset Attack that could potentially cause a denial of service for web servers. Due to proactive mitigations by both Google Cloud and Cloudflare, none of our infrastructure has been affected to our knowledge. In addition, we confirmed that our underlying NGINX servers do not have the HTTP/2 module enabled.

For more details on this vulnerability, please visit https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack.


SafeBase Acknowledgement of Retool Security Incident

Incidents

As a precaution, the security team made the decision to rotate the connection credentials used by our Retool instance despite the Retool team confirming that our instance was not affected. We are confident that with this added step, there should have been no material impact to any SafeBase data from the Retool security incident.


Hi,

As you may be aware, one of our subprocessors, Retool, recently disclosed a security incident that affected a very small number of customers: https://retool.com/blog/mfa-isnt-mfa/. To our knowledge, no SafeBase data was affected. The Retool team has confirmed that our Retool instance was not affected by this incident. We will continue to monitor this situation and will provide updates if we have any going forward.

The SafeBase Security Team


If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.
