Security and Compliance

At BoldDesk, we do everything to make sure your data is always safe with us. You probably came here because you have questions, so let’s answer the important ones.

SOC 2 Type 2

Our SOC 2 Type 2 certification verifies that BoldDesk has successfully completed a thorough audit, ensuring that our security policies and controls consistently meet the highest industry standards when it comes to keeping data safe and secret.

SOC2 Overview

GDPR Compliant

As a company, we take data privacy very seriously and maintain GDPR compliance with many customers in Europe.

Contact sales for more information

Datacenter Security

All our platform infrastructure is hosted on Google Cloud Platform (GCP) and Microsoft Azure within virtual private clouds (VPC) we configure and manage to safeguard against unauthorized network requests. GCP and Azure are deeply committed to securing the underlying infrastructure we build on, and they are continuously expanding their compliance programs.

For more details, please refer to the Microsoft and Google data center security policies linked below:

Google Cloud Platform Data and Security

Microsoft Azure Data and Security

Software Security

Our application runs on the latest stable version of the Microsoft .NET Framework. We reduce the attack surface by isolating our processes with containerized microservice architecture. Our application is also automated with a real-time static analyzer tool that does extensive computation and ensures the security of our source code.

All our developers are trained to pay specific attention toward security. Our automated and manual code review processes constantly look for any code that could potentially violate security policies.

Payment Security

BoldDesk uses a PCI-compliant payment processor for encrypting and processing credit card payments. We have partnered with Stripe to securely handle sensitive payment processing data. Details about their security posture and PCI compliance can be found at Stripe’s  Security  page.

BoldDesk does not have access to customers’ credit card data at all.

Encrypted Transmission

All user data is transported securely, encrypted in transit and encrypted at rest. Encrypting your data provides an additional layer of protection against events such as unauthorized modification and man-in-the-middle attacks. We use 256-bit SSL/TLS 1.2 encryption and industry-standard AES-256 algorithms.

Vulnerability Scans

BoldDesk uses security tools to continuously scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported.

Penetration Testing

BoldDesk undergoes regular penetration testing by our in-house security experts and development team. A yearly detailed penetration test is performed by third-party security experts to confirm the security of our products and environment.

Privacy and GDPR

BoldDesk recognizes that protecting privacy requires a comprehensive security program. BoldDesk is fully GDPR-compliant, and we handle our customers' personal data with great care and respect, as outlined in our terms of service and privacy policy.

Monitoring and Alerting

Our application and the underlying infrastructure components are actively monitored 24/7. Our engineers are immediately notified in case of an outage. You can view our historical product reliability details on the  status page.

Backup and Availability

To maximize availability, our systems automatically replicate your data across multiple locations in real time. Data is also continuously backed up to ensure that we can restore access to your data and the service in the unlikely event that all data replicas fail simultaneously. Our monitoring system alerts us to any problems, and we have staff on call at all times to handle any unexpected incidents.

Uptime

BoldDesk has a 99.9% uptime or higher. To check the system status at any time, go to the status page. If our systems require maintenance or a brief outage, clients will be notified in advance

For more security details, please refer to our Security Management Report.

Enterprise-Grade Security and Privacy

To protect your customers’ data, security systems control access to your entire organization and secure your data at multiple levels. Encryption, audit logs, IP restrictions, and SSO are features that can help you protect your data and restrict access to only authorized users.

Single sign-on with BoldDesk allows users to log in and access their help desk account with a single set of credentials by using systems such as Office 365, OAuth 2.0, and OpenID.

IP restrictions allow you to limit the IP addresses from which your organization can access the help desk.

Create password policies to enforce secure, strong passwords; frequent password rotation; and password expiration to fit your security standards and policies.

Accept or reject emails received from specific senders and domains. Emails on the blocklist are blocked and are not routed to spam.

DKIM signatures notify the recipient that an email is sent from an authorized domain.

Audit logs contain information about specific events or operations, such as access, change details, who performed an action, and so on.

Questions

If you believe you have found a security vulnerability in BoldDesk, please let us know right away.
You can find more information on reporting a vulnerability here.

Security and Compliance

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2023/04/17c09819-soc-2-type-2.svg" class="img-title">SOC 2 Type 2

<img loading="lazy" src="https://storage.googleapis.com/cdn-website-bolddesk/2023/04/51881e5c-gdpr-compliant.svg" class="img-title">GDPR Compliant

<img loading="lazy" src="https://storage.googleapis.com/cdn-website-bolddesk/2023/04/51881e5c-datacenter-security.svg" class="img-title">Datacenter Security

<img loading="lazy" src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/6dc89d9b-software-security-v3.svg" class="img-title">Software Security

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/8807d7d8-payment-security-v2.svg" class="img-title">Payment Security

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/2f2535b1-encrypted-transmission-v2.svg" class="img-title">Encrypted Transmission

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/cc5fabd9-vulnerability-scans-v3.svg" class="img-title">Vulnerability Scans

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/cce3f866-penetration-testing-v3.svg" class="img-title">Penetration Testing

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/43da7a6c-privacy-gdpr-v2.svg" class="img-title">Privacy and GDPR

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/18ccbaad-monitoring-and-alerting-v2.svg" class="img-title">Monitoring and Alerting

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/cd6f758a-backup-and-availability-v2.svg" class="img-title">Backup and Availability

<img src="https://storage.googleapis.com/cdn-website-bolddesk/2022/10/4ade3297-uptime-v2.svg" class="img-title">Uptime