Security

Information security is a core part of your company’s success. That’s why we’ve gone to extensive measures to protect it.

Security

SOC 2 Compliance

At this time Base has not yet completed a SOC 2 audit and certification, however from the inception of Base, it has been built with adherance to the expectations of compliance with established security policies and procedures. Expectations such as the principal of lowest required data access, data encryption, restricting who, what and where we store user data, procedures for onboarding and offboarding, etc. are all things Base has in place as we know this is critical to the handling of user data.

PCI compliance

We just recently introduced payment processing via Stripe and are awaiting our final documentation. Through our integration with Stripe, Base falls into the Level 4: SAQ A-EP compliance category. All payment processing is outsourced to Stripe, which is a PCI DSS validated processor. No electronic storage, processing, or transmission of cardholder data occurs on Base’s systems or premises.

Datacenter security

We use a third-party, top-tier datacenter that maintains several industry-recognized certifications, including ISO, SOC, PCI, and more.

Our hosting provider is also compliant with numerous regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, FISMA, and more than 30 others.

Server security

Our servers are hardened according to best-in-class NIST standards and include truly next-gen security tooling, file integrity monitoring (FIM), APT, and rootkit detection

Encrypted transmission

All browser connections and communication is transmitted over SSL (TLS), ensuring data privacy and integrity. Our servers only support the highest level of encryption 256-bit cipher suites TLS 1.2 or TLS 1.3, protecting against unauthorized disclosure, modification, and replay attacks.

Encryption of authentication and session data

All authentication and session data is encrypted with the strongest available AES-256, ensuring your account credentials and sessions remain protected and unreadable in a stored state.