Security Managment

Security & Compliance with Vanta

Crobox partners with Vanta to provide a secure and transparent Trust Center where customers can access key security and compliance information. Through our Vanta Trust Center, you can:

View real-time security status and compliance reports
Access security certifications and audit details
Review our data protection policies and practices

For the latest security updates, compliance documentation, and certifications, visit our .

If you need additional information, please contact your Account Manager.

Single Sign On (SSO)

Crobox supports Single Sign-On (SSO) to enhance security and streamline authentication. This feature allows users to log in via their organization’s identity provider (IdP) without needing separate credentials.

If your organization is interested in enabling SSO, please contact your Account Manager for further steps.

Status Page

The status of Crobox and related infrastructure services is continuously monitored and updated on our .

To check the latest system status, simply click the link above. You can also subscribe to notifications about scheduled maintenance, service incidents, and updates. Access to notifications is controlled and limited to authorized users.

FAQ

What subprocessors are involved, and where are the servers located?

Crobox utilizes trusted subprocessors for specific functionalities, such as hosting and system analytics. All of our (virtual) servers & services as well as our data storage is located within the European Union (region Europe-west 4 in the Netherlands). This includes our backup copies stored in Google Cloud. For certain AI functionalities, an LLM can be used for generalized analytics and product classifications, but the model will not be trained on it.

How are backups managed, and what measures ensure data recovery and security?

Regular automated backups are conducted, encrypted, and stored in secure environments. Disaster recovery protocols are in place to ensure data retrieval within agreed SLAs.

How does system and security logging use IP addresses?

Crobox’s platform logs all communication that takes place on our platform, as we need this data for system and security purposes. For example, this log is used to detect and protect against Distributed Denial of Service (DDOS) attacks.

This log data is raw system data that doesn’t have any correlation, interpretation, or other enrichment processes involved. However, system logging does include IP addresses, as these are required for security and system logging and thus can’t be excluded. To further minimize any impact, this system data is only stored in the logging infrastructure and is automatically removed after 14 days.

What is your process for managing and reporting performance or availability issues with the infrastructure?

How are vulnerabilities detected?

Finally, we are working together with the Hacker One program, which invites ethical hackers to find vulnerabilities in exchange for rewards.

Which other cloud services are integrated, and how are they authenticated or authorized?

PreviousCustom Themes and CSS NextData Security

Last updated 4 months ago

Was this helpful?