Backflipt is dedicated to delivering a highly secure and reliable integration and business automation service. Our security posture ensures the confidentiality of customer information and guarantees its availability whenever needed. At Backflipt, we leverage proven, tested, and best-in-class security tools, technologies, policies, and procedures.
The Service Organization Controls 2 (SOC 2) Type 2 audit is conducted by a third-party evaluator certified by the American Institute of CPAs (AICPA). This audit evaluates the effectiveness of a service organization's controls based on the AICPA's Trust Services Principles, focusing on security, availability, processing integrity, privacy, and confidentiality.
The Backflipt website is accessible exclusively over HTTPS, ensuring that all traffic is encrypted and protected from interception by unauthorized third parties. Backflipt adheres to current best practices for security, including the use of robust encryption algorithms.
To communicate with third-party systems, Backflipt employs secure protocols, primarily HTTPS, with support for others like SFTP and FTPS. For on-premises systems, access requires the installation of an on-premises agent behind the firewall. This agent communicates with Backflipt over an encrypted link using TLS 1.2.
Backflipt's multi-tier architecture separates internal application systems from the public internet. Public traffic to the website passes through a Web Application Firewall (WAF) before being routed to internal systems on private subnets. Both internal and external network traffic use secure, encrypted protocols. All network access—within the data center and between the data center and external services—is restricted by firewalls and routing rules. Additionally, all network activity is logged in a centralized, secure logging system.
All data in transit is encrypted and secured using Secure Sockets Layer (SSL). Backflipt exchanges information exclusively with services authorized by its users.
When business automation is executed, data from applications is processed through various steps within the flow. This data is deleted upon completion of the flow execution. However, for debugging purposes, both the data and execution logs can be retained for up to 30 days.
Users authenticate with these applications to enable business automation to process data on their behalf. The authentication information includes OAuth access tokens, API keys, or credentials. This data is encrypted using 256-bit encryption and securely stored. It is deleted when the user revokes authentication for an application.
Any personal details, such as usernames and email addresses required to create an account, are stored as long as the user account remains active. The tenant administrator has full control over user account management, including adding and deleting users. At any time, a tenant administrator can request the deletion of all user records, and this data will be permanently removed from our systems.
Data at rest is stored in an encrypted format using AES-256-bit encryption. The Backflipt Security Management software handles decryption requests exclusively from the Backflipt service.
User account passwords are stored securely using robust hashing and salting techniques.
Backflipt has a public Privacy Policy that outlines the types of personal information collected, how it is handled, and the privacy rights of our customers.
Backflipt utilizes AWS infrastructure hosted in the USA. Both Amazon and Google uphold high security standards for their data centers. For more information about the security measures implemented by Amazon to secure their infrastructure, please visit the AWS Security Page.
Backflipt follows a comprehensive software development lifecycle process that integrates security and privacy considerations. The process includes design and code reviews, as well as unit and integration testing.
Development staff receive regular training on secure coding practices from qualified third-party experts. Additionally, regular internal vulnerability scans are conducted, and an annual penetration test of the website is performed by a qualified third party.
Backflipt has implemented a range of security and monitoring tools for its production systems. These tools continuously monitor the security status of the systems, with automated alerts configured for security and performance issues. Although a breach of our systems is not anticipated, Backflipt has established a Security Incident Response Plan outlining roles, responsibilities, and procedures to address any actual or suspected security incidents.
Backflipt has established a comprehensive Business Continuity and Disaster Recovery program that includes contingency planning for natural disasters and other potential disruptions. IT measures to ensure high availability include running services across multiple redundant cloud Availability Zones and replicating the application database to a standby system.
The current system status and recent uptime statistics are always accessible at status.backflipt.com.
All employees undergo background checks that include education, employment, and criminal history verification. Employment at Backflipt requires employees to provide written acknowledgment of their roles and responsibilities regarding user data protection and privacy.
Backflipt enforces a mandatory information security training program for all employees and employs knowledgeable full-time security personnel.