Boon members entrust us with their information every day and we take their security seriously. Our core value of putting our members’ first powers all of the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure Boon is secure.
Boon supports SSO using OAuth2 for Google Sign In. Any private keys used for encryption are encrypted themselves when stored on local computers only. Two-factor authentication is used on every hosting provider Boon uses.
Boon does not store any data on-premises. We use AWS for all data storage and processing, which complies with stringent security requirements.
We follow GDPR principles, including explicit consent, purpose limitation, security, the right to be forgotten, and more. You can read our new Privacy Policy to learn more about how we use and safeguard your privacy and data.
Our employees know how to handle your data - we enforce multi-factor authentication for all internal systems and third-party services where it is supported, and an internal data access policy is required learning for new employees. No data on Boon is ever transmitted on an un-secure connection, even between internal microservices.
Private data deleted within 30 days upon request. Publicly available data will not be deleted. Some exceptions. You can read our Privacy Policy for more details, or put in a Data Access Request.
Boon services run on AWS and Heroku which is physically secure, employ modern software security techniques, and require multi-factor authentication for access. The AWS cloud meets several global security standards such as ISO 27001 and SOC.