Boon Security

Boon members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all of the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure Boon is secure.

Private Keys

Boon supports SSO using OAuth2 for Google Sign In. Any private keys used for encryption are encrypted themselves when stored on local computers only. Two-factor authentication is used on every hosting provider Boon uses.

Data Encryption

Boon utilizes industry-standard encryption protocols. All data in transit is encrypted using TLS 1.2/1.3, ensuring that data is secure while being transferred. Data at rest is encrypted using AES-256, protecting stored data from unauthorized access. No data on Boon is ever transmitted over an unsecured connection, even between internal microservices.

Data Collection

The data collected by Boon is strictly limited to what the admin provides to us to invite employees. In cases of integration, we only collect the necessary fields: first name, last name, and email address. We do not collect or store any additional information beyond this scope.

Data Sharing

We limit sharing to only essential third-party services, each thoroughly vetted for security compliance. They employ industry-standard encryption, regular penetration testing, and rigorous access controls to ensure the security of any data involved in these integrations.

GDPR Ready

We follow GDPR principles, including explicit consent, purpose limitation, security, the right to be forgotten, and more. You can read our new Privacy Policy to learn more about how we use and safeguard your privacy and data.

Accessing Confidential Data

Boon does not handle any confidential employee data or PHI (Protected Health Information). The only employee data we collect includes first name, last name, and email address to create accounts, and, optionally, phone numbers. No other sensitive personal information is collected or stored.

Third-Party Security Evaluation

Boon has been evaluated by third-party security experts, including through penetration testing. The most recent penetration test was conducted by Security ScoreCard, and all identified vulnerabilities were promptly addressed.

Physical Security

Boon does not store any data on-premises. We use AWS for all data storage and processing, which complies with stringent security requirements.

Data Consent & Retention

Boon ensures that all data collection is based on freely given, informed, and unambiguous consent. Users can opt in to any data collection, and they have the right to withdraw consent at any time by requesting deletion of their data.

Private data is deleted within 30 days of a request. Publicly available data will not be deleted, with some exceptions. You can read our Privacy Policy for more details, or put in a Data Access Request.


Data Storage

Boon stores its data on secure servers hosted by AWS and Heroku, both of which are certified and comply with stringent security standards, including GDPR. These servers are located in secure data centers with ISO 27001 certification, ensuring the highest standards of security.