Parabol Security FAQs
Does Parabol have any security certifications such as SOC2 or ISO27001?
Not yet. We are currently pursuing SOC 2 certification for the Parabol app. However, our hosting provider, Digital Ocean, is SOC 2 certified.
Is Parabol GDPR compliant?
Yes, Parabol is GDPR compliant.
We also adhere to the California Online Privacy Protection Act (CalOPPA) and the United States Federal Trade Commission’s fair information practice principles (FIPPs).
Also, Parabol’s cloud service provider, Digital Ocean, is compliant with GDPR standards. See: https://www.digitalocean.com/legal/gdpr
Where does Parabol store my data?
Retrospective data is held in memory and in the localStorage of the web browser while the Parabol application is in use by end users.
Data about the retrospective is also simultaneously stored in our database for future access.
If you are using the Parabol SaaS solution, the retrospective data is stored in RethinkDB and PostgreSQL at our cloud service provider's data center, currently in NYC with DigitalOcean.
Data related to the retrospective is also emailed to end users participating in retrospective meetings, in the form of meeting summaries.
What data does Parabol store?
- User data: name, email, avatar photo, integrations
- Meeting data: meeting type, history, comments, tasks, activity
- Team data: membership, meetings, tasks, integrations
Much more information about how we handle data privacy can be found here: https://parabol.co/privacy
Where are Parabol’s servers located?
Our public servers are located in NYC, USA, with the option for EU or client-side hosting.
Does Parabol encrypt user data?
Yes, Parabol encrypts all user data. All data is encrypted while in use or in transit via transport layer security. Backups are also encrypted. We use SSL/TLS 256-bit encryption with HSTS.
How are security requirements included in all stages of Parabol’s software development lifecycle?
The OWASP Top Ten is used to evaluate work at all stages of the software development lifecycle (“SDLC”) to incorporate security requirements: from ideation and prototyping, through design & design review, through architecture, implementation, code review, quality assurance, and customer success reports.
Work is tagged in our SDLC according to the level of risk associated with it, corresponding to levels defined in our Risk Management Framework. Particular levels require additional reviews (e.g. from a Senior Architect and/or our Security Officer), which often result in requirements changes from domain experts.
Does Parabol have a role responsible for Information Security?
Yes. The Security Officer role is responsible for information security at Parabol (firstname.lastname@example.org). The purpose of the role is to safeguard Parabol’s information and systems from security threats. The role's accountabilities include:
- Recommending and updating a stage-appropriate security framework to the Product Manager
- Reviewing and consulting on security policy changes (e.g. firewall rule changes)
- Orchestrating security audits with outside vendors
- Completing prospective and current customer Risk Reviews
- Responding to incoming security disclosures according to the Security Disclosure Policy
- Capturing and detailing acceptance criteria for new security issues
If you have any questions about Parabol’s security or something is missing, you may contact us here:
8605 Santa Monica Blvd
West Hollywood, CA 90069-4109
See also: Parabol Terms of Service
Last updated: March 16th, 2023