BookingFlow’s Statement on Security

Introduction

We use bookingflow every day to keep our team organized, connected, and focused on results. Ensuring our platform remains secure is vital to protecting our own data, and protecting your information is our highest priority.

Our security strategy covers all aspects of our business, including:

  • bookingflow corporate security policies
  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of our system architecture
  • Data model access control in bookingflow
  • Systems development and maintenance
  • Service development and maintenance
  • Regularly working with third-party security experts

bookingflow Corporate Security Policies & Procedures

Every bookingflow employee signs a Data Access Policy that binds them to the terms of our data confidentiality policies, available at bookingflow.app/terms and bookingflow.app/privacy. Access rights are based on each employee’s job function and role.

Security in our Software Development Lifecycle

bookingflow uses the git revision control system. Changes to bookingflow’s code base go through a suite of automated tests and a round of manual review. When code changes pass the automated testing system, they are first pushed to a staging server, where bookingflow employees can test them before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. bookingflow engineers can also “cherry pick” critical updates and push them immediately to production servers.

In addition to a list where all access control changes are published, we have a suite of automated unit tests that check that access control rules are written correctly and enforced as expected.

Security at the bookingflow office

We monitor the availability of our office network and the devices on it. We collect logs produced by networking devices such as firewalls, DNS servers, DHCP servers, and routers in a central place. The network logs are retained for the security appliance (firewall), wireless access points, and switches.

BookingFlow Architecture & Scalability

Scalability/Reliability of Architecture

bookingflow uses Google Cloud Platform (Firestore & Google Cloud Storage) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure.

We currently host data in secure SSAE 16 audited European data centers via Google Cloud Platform.

Encrypted Transactions

Web connections to the bookingflow service are via TLS 1.1 and above. We prohibit insecure connections using TLS 1.0 and below or RC4.

bookingflow Information Security

What is the GDPR?

The General Data Protection Regulation, better known as the “GDPR,” is a new regulation in the EU that will replace the EU Data Protection Directive that has been in existence since 1995. The GDPR is designed to provide additional protections regarding how personal data of EU citizens is collected, used, shared, and secured. It will come into effect on May 25, 2018.

What steps is bookingflow taking to comply with the GDPR?

bookingflow remains committed to protecting your data and respecting your privacy. To that end, we have been partnering with our customers and vendors, and reviewing and updating our policies and approach for handling personal data where necessary, to align our practices with the requirements of the GDPR.

Employee Workstations, Laptops, & Mobile Devices

All laptops and workstations are secured via full disk encryption and centrally managed. We diligently apply updates to employee machines and monitor employee workstations for malware. We also have the ability to apply critical patches and remotely wipe a machine.

Data Center Security

Google

Google employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Google's physical security processes, please visit cloud.google.com/security.

Privacy

Privacy Policy

bookingflow’s privacy policy, which describes how we handle data input into bookingflow, can be found at bookingflow.app/privacy.

Availability

We are committed to making bookingflow consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted. You can always monitor our availability at our trust page.

Want to report a security concern?

Email us at security@bookingflow.app.
