Security

Information security is a core part of your company’s success. That’s why we’ve gone to extensive measures to protect it.

Base uses industry-best, market-leading security tools to protect our customers’ most sensitive and confidential data. Our experienced team manages all areas of database, network, system and application security, including 24×7 monitoring and alerting. Here are just some of the industry best security measures we employ in each of our environments.

SOC 2 Type 2 Compliant

Base is SOC2 Type 2 Compliant. Security Controls are defined and in place and have been audited by an accredited third party. Our report is available upon request as part of the software procurement process for Team and Enterprise plans.

Expectations such as the principle of lowest required data access, data encryption, restricting who, what and where we store user data, procedures for onboarding and offboarding, etc. are all things Base has in place as we know this is critical to the handling of user data. A full list of our third-party data subprocessors is available here.

PEN Testing

Base completed an automated web application scan type PEN Test in Feb 2021 with outstanding results (2 Low, 0 Med, and 0 High Risk items) all of which have been mitigated. We maintain strict audited controls around Security vulnerability handling.

Base has completed independent Tier 2 and Tier 3 Cyber Security Risk Assessments by CyberGRX and is fully SOC2 Compliant.

PCI compliance

Through our integration with Stripe, Base falls into the Level 4: SAQ A-EP PCI compliance category for all payment processing. All payment processing is outsourced to Stripe, which is a PCI DSS validated processor. No electronic storage, processing, or transmission of cardholder data occurs on Base’s systems or premises.

Datacenter security

We use a third-party, top-tier datacenter that maintains several industry-recognized certifications, including ISO, SOC, PCI, and more.

Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and more than 30 others.

Server security

Our servers are hardened according to best-in-class NIST standards and include truly next-gen security tooling, file integrity monitoring (FIM), APT, and rootkit detection

Encrypted transmission

All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support the highest level of encryption 256-bit cipher suites TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.

Encryption of authentication and session data

All authentication and session data is encrypted with the strongest available AES-256, ensuring your account credentials and sessions remain protected and unreadable in a stored state.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.