Cubo employs advanced technology to secure and back up your account information on protected and guarded systems that allow for scalability, performance and reliability.
We do not share or sell the organizational or personal information for you or any team member connected to your account. Period. Your team's data belongs to you and your team. You may export it at anytime. We will purge your data from our data stores and logs at your request or automatically upon account cancellation. We cannot access your data unless you ask us to for troubleshooting purposes.
Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS. Each user in your organization is provided with a unique user name and h3 password or expiring authentication token that must be entered each time a user signs on. Cubo issues a session cookie only to record encrypted authentication information for the duration of a specific session, not to store usernames or passwords. Our session cookies use the secure and HTTP only flags. Your credit card data is securely submitted directly from your browser to a leading, PCI Service Provider Level 1 payment gateway. It never touches our servers. We keep rotating, daily backups of all account data.
Under the hood, all data is encrypted in transit and at rest. Sensitive data, like passwords, authentication tokens and status check-ins are never logged. Your data is housed in physically secured, SOC2 compliant, and ISO 27001/27017/27018 certified data centers within the United States.
Our managed hosting provider operations team monitors all hosts and services for integrity and availability, 24 hours a day, 7 days a week. Our software infrastructure is updated regularly with the latest security patches. Both manual and automated vulnerability scans and security reviews are continuously performed.