Security Management

Security & Compliance with Vanta

Crobox partners with Vanta to provide a secure and transparent Trust Center where customers can access key security and compliance information. Through our Vanta Trust Center, you can:

  • View real-time security status and compliance reports

  • Access security certifications and audit details

  • Review our data protection policies and practices

For the latest security updates, compliance documentation, and certifications, visit our Crobox Trust Center.

Single Sign-On (SSO)

Crobox supports Single Sign-On (SSO) to enhance security and streamline authentication. This feature allows users to log in via their organization’s identity provider (IdP) without needing separate credentials.

Status Page

The status of Crobox and related infrastructure services is continuously monitored and updated on our Crobox Status Page.

To check the latest system status, simply click the link above. You can also subscribe to notifications about scheduled maintenance, service incidents, and updates. Access to notifications is controlled and limited to authorized users.

FAQ

What subprocessors are involved, and where are the servers located?

Crobox utilizes trusted subprocessors for specific functionalities, such as hosting and system analytics. All of our (virtual) servers and services, as well as our data storage, are located within the European Union (region Europe-west 4 in the Netherlands). This includes our backup copies stored in Google Cloud. For certain AI functionalities, an LLM can be used for generalized analytics and product classifications, but the model will not be trained on it.

How are backups managed, and what measures ensure data recovery and security?

Regular automated backups are conducted, encrypted, and stored in secure environments. Disaster recovery protocols are in place to ensure data retrieval within agreed SLAs.

How does system and security logging use IP addresses?

Crobox’s platform logs all communication that takes place on our platform, as we need this data for system and security purposes. For example, this log is used to detect and protect against Distributed Denial of Service (DDoS) attacks.

This log data is raw system data; no correlation, interpretation, or other enrichment is applied to it. However, system logging does include IP addresses, as these are required for security and system logging and thus can’t be excluded. To further minimize any impact, this system data is only stored in the logging infrastructure and is automatically removed after 14 days.

What is your process for managing and reporting performance or availability issues with the infrastructure?

Infrastructure performance or incidents are managed according to the agreed SLA. Additionally, infrastructure incident reports are made available on our status page, where stakeholders can subscribe to receive notifications. Access to notifications is controlled and limited to authorized users.

How are vulnerabilities detected?

We implement daily automated scans and continuous system monitoring to identify vulnerabilities. This proactive approach ensures that any security issues or necessary patches are promptly detected and addressed. In addition, we conduct a yearly penetration test with an external partner and upload the results to our Vanta Trust Center.

Finally, we are working together with the HackerOne program, which invites ethical hackers to find vulnerabilities in exchange for rewards.

Which other cloud services are integrated, and how are they authenticated or authorized?

We use Google Cloud for our hosting and infrastructure, with secure authentication and authorization mechanisms in place for all connected cloud services. These connections are protected by industry-standard security protocols. For more information, refer to our GDPR Legal Service Agreement.
