Trust is our business at Crossbeam. Our environments, practices, and policies are built with security, privacy, and compliance as core design principles.
The European Union’s General Data Protection Regulation (GDPR) creates a standard framework to which all compliant businesses must adhere, creating clarity and transparency for customers.
In compliance with GDPR, Crossbeam offers a Data Processing Addendum (DPA) that enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU.
Crossbeam's GDPR Resources:
Crossbeam is certified under the EU-U.S. Privacy Shield Framework. The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. More information on Privacy Shield is available here.
U.S. businesses participating in the Privacy Shield Frameworks must provide an independent dispute resolution service to EU or Swiss individuals whose personal data they transfer to the United States. Crossbeam participates in the BBB EU Privacy Shield program, operated by the Council of Better Business Bureaus, for independent dispute resolution.
Crossbeam's Privacy Shield Resources:
Incident Response: Crossbeam treats security incidents as our top priority. We’ve built our application with security at the center from day one in order to prevent any security incidents from taking place. However, if any incidents are identified, we will follow established Incident Response and Notification Plans which are reviewed and tested by our Security and Disaster Management Committee quarterly.
Environment: Crossbeam’s servers are hosted in Amazon Web Services, which provides assurances for their physical and virtualized computing environments including SOC 1, 2, and 3, and ISO/IEC 27001. Crossbeam operates within an Amazon Virtual Private Cloud (VPC), with subnets segregated by security level, and firewalls configured to restrict network access. Crossbeam also regularly installs security updates and patches.
Monitoring and Testing: Crossbeam regularly performs automated vulnerability scans. We also monitor application, system, and data access logs within our production environment for anomalous behavior. In addition, we engage a trusted third-party vendor to complete manual penetration tests quarterly. These reports are made available upon request to Enterprise Clients.
Client Data Classification: Your data and credentials are our most critical assets. We strictly control access to data and credentials and require them to be encrypted using industry-standard methods both at rest and in transit.
Crossbeam Employee Policies and Procedures: All Crossbeam employees are required to follow strict procedures to ensure your data remains secure. Additionally, Crossbeam educates employees on an ongoing basis on their role in protecting your data.
Security and Disaster Management Committee: Crossbeam maintains a Security and Disaster Management Committee, which is responsible not only for implementing security and compliance, but also for overseeing and maintaining our security policies and procedures and staying up to date with any changes to the security landscape.
The Crossbeam team is available to answer any questions or concerns related to security, privacy, or compliance. Reach out to firstname.lastname@example.org to contact our team directly.