We put data security and customer privacy as our top priority.
CommBox offers enterprise-grade security capabilities that ensures full encryption on rest of sensitive information. Our bulletproof security is packed with features that offer secure transport of data as well as automatic identification and obfuscation of sensitive information, IP whitelisting, advanced data filtering, flexible deployment models (cloud, private cloud, and on-premise), and much more.
Product Security
Single sign-on (SSO) – Permits user authentication in the system without forcing them to type in additional sign-in credentials.
Additionally, within the SSO we support SAML, LDAP, and AD.
Additionally, within the SSO we support SAML, LDAP, and AD.
Two factor authentication (2FA) - Two-step verification and authentication process used as an extra layer of security. It will send an SMS message to the stored phone number of the user with a one-time code after password typed in to verify the user identity.
Password storage - CommBox use a password complexity standard and credentials are stored using a PBKDF2 function. PBKDF2 are key derivation functions with a sliding computational rate, used to reduce vulnerabilities to brute force attacks.
Permissions – CommBox allows permission level within the platform to be set for system admins and managers. Each agent can assign with multiple permissions such as: channels, modules, general settings, and more.
Access restriction - Access to the system can only be restricted through authorized IP addresses. Additionally, user actions can be tracked in the system.
Integration – The integration process is done in REST. The integration between CommBox and the customer is done through a unique token and HTTPS secure server.
Network & Application Security
Data Hosting and Storage – CommBox platform and data are hosted in Amazon Web Services (AWS) facilities EU (west1) in Ireland.
Recovery plan – CommBox have a well-planned recovery plan. All the information is in a formal document that we can provide by demand.
Backup - All data is stored on two separate servers (production + backups) on AWS server farm. All information is backed up on the backup server up to two weeks back. In case the production server is unavailable, the backup server is available with the entire data.
Encryption - All data traffic passed through CommBox is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL and score an “A” rating. Additionally, CommBox encrypt data at rest using an industry-standard AES-256 encryption algorithm for maximum security.
Added Security Features
GDPR compliance – CommBox complies with the EU GDPR (European Union General Data Protection Regulation) framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. CommBox has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement. Official documents are available by demand.
Privacy protection law – CommBox manage security and control measures under the Privacy Protection Law. CommBox manage a registered database. Our data base registration number: 600010836.
Confidentiality - We sign and undertake to sign every NDA (nondisclosure agreement).
All CommBox employees are signed on a general document commitment to maintaining confidentiality.
All CommBox employees are signed on a general document commitment to maintaining confidentiality.
DPA - See CommBox Data Processing Agreement - DPA