At BoardMuster, we understand the critical importance of data privacy and security, especially for sensitive board-related information. We are committed to protecting your data through robust technical and organisational measures, leveraging the secure infrastructure provided by Base44.
1. Our Commitment
Our commitment to data security and privacy is foundational to our service. We aim to:
Protect your data from unauthorised access, disclosure, alteration, and destruction.
Ensure the confidentiality, integrity, and availability of your information.
Comply with relevant data protection regulations.
Provide transparency about our data handling practices.
2. Data Storage Location
BoardMuster is built on the Base44 platform. All customer data, including your personal information, board meeting details, documents, and communications, are stored within Base44's secure cloud infrastructure.
Database: Your structured data (e.g., member details, meeting schedules, action points, messages) is primarily stored in PostgreSQL databases managed by Base44. These databases are hosted within secure cloud environments (e.g., Google Cloud Platform, AWS, or Azure depending on Base44's architecture).
File Storage: Documents and attachments uploaded to BoardMuster are stored in object storage services (e.g., Supabase Storage, which often leverages cloud providers like AWS S3 or Google Cloud Storage) provided and managed by Base44.
Geographic Region: Data is typically hosted in major cloud regions chosen by Base44 for reliability and performance. Specific geographic locations can often be confirmed by Base44 if required for compliance purposes. Note that data on this system is not stored within Australia; it may at various times be stored in either the United States or Singapore.
3. Security Measures
We implement a combination of technical, physical, and organisational security measures:
a. Technical Safeguards:
Encryption in Transit: All data exchanged between your browser and BoardMuster, and between BoardMuster and Base44's services, is encrypted using industry-standard TLS (Transport Layer Security).
Encryption at Rest: Data stored in Base44's databases and file storage is encrypted at rest using strong encryption algorithms (e.g., AES-256).
Access Control: Strict access controls are implemented at the application and infrastructure levels, ensuring that only authorised personnel and processes can access data, based on the principle of least privilege.
Network Security: Base44's infrastructure includes firewalls, intrusion detection/prevention systems, and network segmentation to protect against external threats.
Secure Development Practices: Our development process adheres to security best practices, including code reviews and vulnerability testing.
b. Organisational Safeguards:
Employee Training: All personnel involved in the operation and development of BoardMuster are trained on data privacy and security best practices.
Access Management: Strict procedures are in place for granting, reviewing, and revoking access to systems and data.
Incident Response Plan: We have a plan in place to detect, respond to, and mitigate security incidents effectively, including notification procedures where required by law.
Regular Audits: Base44 regularly undergoes security audits and maintains relevant certifications (e.g., SOC 2, ISO 27001) for its platform infrastructure, which underpins BoardMuster's security.
4. Third-Party Processors
We partner with reputable third-party services that process data on our behalf. These partners are selected based on their commitment to security and privacy standards.
Base44: As our primary platform provider, Base44 handles the core hosting, database, authentication, and file storage. Base44's security and compliance measures directly contribute to the security of your data within BoardMuster.
Stripe: Processes all payment-related information for subscriptions. Stripe is a PCI DSS Level 1 certified service provider, the highest level of certification available in the payments industry.
Google (for Authentication): Handles user login and identity verification. Google's robust security infrastructure protects your login credentials.
5. Data Retention
We retain your personal data and board-related information only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When your account is terminated or data is no longer required, we will securely delete or anonymise your data.
6. Incident Response
In the event of a data breach or security incident, we will take immediate steps to:
Secure affected systems and data.
Investigate the scope and cause of the incident.
Mitigate any potential harm.
Notify affected users and relevant authorities as required by applicable laws and regulations.
7. Your Responsibilities
While we implement robust security measures, your cooperation is vital in protecting your data. We encourage you to:
Use strong, unique passwords for your Google account.
Enable multi-factor authentication (MFA) for your Google account.
Keep your login credentials confidential.
Be mindful of the information you share within the app and ensure it aligns with your organisation's internal policies.
8. Contact
If you have any questions or concerns regarding our data privacy and security practices, please do not hesitate to contact us at:
Email: [email protected].
BoardMuster is built on the robust Base44 platform, which is engineered with security, privacy, and compliance at its core. While BoardMuster focuses on delivering essential board management features, the foundational security elements are provided and managed by the Base44 infrastructure.
1. How do we handle Authentication and Account Protection?
Multi-Factor Authentication (MFA): BoardMuster leverages Google's secure authentication system. This means that users log in using their existing Google accounts. Google inherently offers robust MFA capabilities (e.g., Google Authenticator, security keys, SMS codes), which users can enable on their Google accounts. By relying on Google, we benefit from their advanced security features to protect user identities.
SSO Safeguard (Single Sign-On): The integration with Google provides a streamlined Single Sign-On (SSO) experience. This eliminates the need for users to manage separate credentials for BoardMuster, reducing password fatigue and the risk associated with weak or reused passwords. Google's identity platform serves as the central safeguard for user access.
Protections Against Compromised Accounts: Account protection primarily relies on Google's advanced security measures, which include continuous monitoring for suspicious login attempts, brute-force attack prevention, and alerts for unusual activity. On the Base44 platform level, our systems are designed to monitor access patterns and identify potential anomalies that could indicate a compromised account within the application context.
2. What is our approach to Data Security?
Data Storage Location: All application data for BoardMuster is stored securely within the Base44 platform's managed cloud infrastructure. This infrastructure utilises leading global cloud providers (e.g., Google Cloud Platform, Amazon Web Services), which adhere to stringent physical and environmental security standards in their data centres.
Encryption Practices:
Data in Transit: All data exchanged between your browser/device and the BoardMuster application (and the underlying Base44 platform) is encrypted using industry-standard Transport Layer Security (TLS/SSL) protocols (HTTPS). This ensures that all communications are private and protected from eavesdropping and tampering.
Data at Rest: All sensitive data stored within the Base44 platform's databases and file storage systems (including documents, meeting minutes, and member details) is encrypted at rest. This means that data stored on disk is unreadable without the appropriate decryption keys, providing a strong layer of protection against unauthorised access to storage media.
Backup Arrangements: The Base44 platform implements comprehensive backup and disaster recovery procedures. Data is regularly backed up to geographically diverse locations to ensure high availability and resilience against data loss. These backups are themselves encrypted and protected, allowing for quick restoration in the event of unforeseen incidents.
3. How do we handle Monitoring and Incident Response?
Security Event Detection: The Base44 platform employs continuous monitoring systems that track activity, system health, and potential security anomalies. These systems include intrusion detection, anomaly detection, and real-time logging and alerting for suspicious events.
Incident Management: In the event of a detected security incident, the Base44 security team follows a structured incident response plan. This plan outlines procedures for immediate containment, thorough investigation, root cause analysis, eradication of threats, recovery of services, and post-incident review.
Communication to Users: Should a security incident occur that impacts your data or the BoardMuster service, Base44 is committed to transparent and timely communication with affected users. Base44's policy dictates informing users promptly about the nature of the incident, its potential impact, and any steps they may need to take. Base44 communicates incidents both to the primary users of the account that BoardMuster is connected to and to individual users of each instance on Base44, including those on BoardMuster.
4. Compliance and Standards
Alignment with Security Frameworks: The Base44 platform is built with adherence to recognised industry security frameworks and best practices in mind. While direct certifications like ISO 27001 or SOC 2 are for the entire Base44 platform, the BoardMuster application benefits from the platform's underlying security architecture, which is designed to support such compliance.
Privacy Regulations (e.g., GDPR): Base44 is committed to supporting compliance with global privacy regulations, including the General Data Protection Regulation (GDPR) and similar frameworks (e.g., CCPA). The platform provides functionalities and processes that help app developers (like BoardMuster) and users meet their obligations regarding data privacy, data subject rights, and transparent data handling. This includes features for data portability, data deletion requests, and clear consent mechanisms where applicable.
This comprehensive approach ensures that BoardMuster users can focus on managing their boards with confidence, knowing that their data is handled with a high level of security and care by the underlying Base44 platform.