Security at Back
Keeping your data secure and available is essential to us. We apply state-of-the-art technologies and strict security policies to provide a platform you can trust.
Your data is safe with us
Reliable infrastructure
With Amazon Web Services (AWS), we utilize the world's most extensive, reliable, and secure cloud infrastructure.
The data centers are monitored by 24/7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified.
Data encryption
All data flowing between you and our servers is encrypted in transit using TLS 1.2. Nobody can eavesdrop on the connection.
Data is also encrypted at-rest using 256-bit AES encryption. This means it's protected from unauthorized access at all times.
Authentication
We enforce strong passwords for everyone logging into Back. Sorry, password123 won't work; you need to get a bit more creative.
If your company prefers to use an identity provider like Google or Okta to control user access, we have you covered as well.
Our internal security policies
Access to customer data
We have a role-based system to access production data. Access is exclusively granted to a few employees who need it to perform their daily operations.
Connection to the infrastructure requires multiple authentication levels: an individual SSH key with a passphrase and valid AWS IAM credentials. Each engineer has a unique login to the database. We log every access to the database as well as every executed query. That means if something still went wrong with all these measures in place, we will know which data has been accessed or modified.
And finally, we only hire kind and honest employees who made it through an extensive screening and interview process.
Continuous security hygiene
Our employees use company-owned computers with hard-drive encryption enabled.
Everyone is required to use a password manager, which our company monitors. Only unique and strong passwords are allowed. We also enforce two-factor authentication whenever possible.
No unauthorized person has access to our office in Berlin. We have documented key management, our office is securely locked, and we have video surveillance in place.
Code security
We're working hard to keep our code safe, too. Without exception, every line of code going on production goes through a required and documented code review by one or more engineers.
Before the deployment, we run hundreds of automated tests to ensure the stability of the latest version and static code analysis to catch potential mistakes. An automated service is frequently running to check our code dependencies and make sure we keep them up to date.
Frequently asked questions
Where's our data being stored?
The data is stored in Frankfurt, Germany, in a highly secure Amazon Web Services data center.
How often do you back up the data?
We're doing a snapshot of the database every four hours. Snapshots are replicated across multi-zones.
Does Back require a specific browser or plugins?
Back works with all modern browsers (Chrome, Firefox, Safari, and Edge) without additional plugins.
How can I report a vulnerability?
We welcome feedback regarding security vulnerabilities from Back users and security researchers. If you believe you found one, please read our Security Vulnerability Disclosure Policy and report it at security@backhq.com.
