At BoardMuster, we understand the critical importance of data privacy and security, especially for sensitive board-related information. We are committed to protecting your data through robust technical and organisational measures, leveraging the secure infrastructure provided by Base44.
1. Our Commitment
Our commitment to data security and privacy is foundational to our service. We aim to:
Protect your data from unauthorised access, disclosure, alteration, and destruction.
Ensure the confidentiality, integrity, and availability of your information.
Comply with relevant data protection regulations.
Provide transparency about our data handling practices.
2. Data Storage Location
BoardMuster is built on the Base44 platform. All customer data, including your personal information, board meeting details, documents, and communications, are stored within Base44's secure cloud infrastructure.
Database: Your structured data (e.g., member details, meeting schedules, action points, messages) is primarily stored in PostgreSQL databases managed by Base44. These databases are hosted within secure cloud environments (e.g., Google Cloud Platform, AWS, or Azure depending on Base44's architecture).
File Storage: Documents and attachments uploaded to BoardMuster are stored in object storage services (e.g., Supabase Storage, which often leverages cloud providers like AWS S3 or Google Cloud Storage) provided and managed by Base44.
Geographic Region: Data is typically hosted in major cloud regions chosen by Base44 for reliability and performance. Specific geographic locations can often be confirmed by Base44 if required for compliance purposes. Note that data on this system is not stored within Australia; it may at various times be stored in either the United States or Singapore.
3. Security Measures
We implement a combination of technical, physical, and organisational security measures:
a. Technical Safeguards:
Encryption in Transit: All data exchanged between your browser and BoardMuster, and between BoardMuster and Base44's services, is encrypted using industry-standard TLS (Transport Layer Security).
Encryption at Rest: Data stored in Base44's databases and file storage is encrypted at rest using strong encryption algorithms (e.g., AES-256).
Access Control: Strict access controls are implemented at the application and infrastructure levels, ensuring that only authorised personnel and processes can access data, based on the principle of least privilege.
Network Security: Base44's infrastructure includes firewalls, intrusion detection/prevention systems, and network segmentation to protect against external threats.
Secure Development Practices: Our development process adheres to security best practices, including code reviews and vulnerability testing.
b. Organisational Safeguards:
Employee Training: All personnel involved in the operation and development of BoardMuster are trained on data privacy and security best practices.
Access Management: Strict procedures are in place for granting, reviewing, and revoking access to systems and data.
Incident Response Plan: We have a plan in place to detect, respond to, and mitigate security incidents effectively, including notification procedures where required by law.
Regular Audits: Base44 regularly undergoes security audits and maintains relevant certifications (e.g., SOC 2, ISO 27001) for its platform infrastructure, which underpins BoardMuster's security.
4. Third-Party Processors
We partner with reputable third-party services that process data on our behalf. These partners are selected based on their commitment to security and privacy standards.
Base44: As our primary platform provider, Base44 handles the core hosting, database, authentication, and file storage. Base44's security and compliance measures directly contribute to the security of your data within BoardMuster.
Stripe: Processes all payment-related information for subscriptions. Stripe is a PCI DSS Level 1 certified service provider, the highest level of certification available in the payments industry.
Google (for Authentication): Handles user login and identity verification. Google's robust security infrastructure protects your login credentials.
5. Data Retention
We retain your personal data and board-related information only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When your account is terminated or data is no longer required, we will securely delete or anonymise your data.
6. Incident Response
In the event of a data breach or security incident, we will take immediate steps to:
Secure affected systems and data.
Investigate the scope and cause of the incident.
Mitigate any potential harm.
Notify affected users and relevant authorities as required by applicable laws and regulations.
7. Your Responsibilities
While we implement robust security measures, your cooperation is vital in protecting your data. We encourage you to:
Use strong, unique passwords for your Google account.
Enable multi-factor authentication (MFA) for your Google account.
Keep your login credentials confidential.
Be mindful of the information you share within the app and ensure it aligns with your organisation's internal policies.
8. Contact
If you have any questions or concerns regarding our data privacy and security practices, please do not hesitate to contact us at:
Email: [email protected].