Data protection and privacy
Startups and Fortune 500 companies trust DailyBot to manage teams, improve collaboration and boost productivity
DailyBot is a platform and chatbot built for team collaboration and productivity. The chatbot integrates with messaging platforms such as Slack, Google Chat and Microsoft Teams, and there is also a web application that is supported by modern web browsers.
DailyBot operates a Risk Management Program and Security Policies that are aligned with the ISO 27001:2013 requirements. DailyBot is compliant in its operation but is not certified.
Our Data Center Physical Security Policy is strict and requires our cloud services to be hosted in ISO27001, SOC1, and SOC2 compliant data centers, one reason for operating with Amazon Web Services as our Infrastructure and Platform as a Service partner.
We’re committed to having experienced engineers behind our technology and product. We make sure that the team that builds, maintains, operates and oversees the system has the right qualifications and follows our standards.
We are very strict about hiring the right people. In addition, every employee and contractor is subject to our background checks.
Once we integrate new team members, they must learn DailyBot’s security policies and go through security awareness training sessions, covering topics from how to write safe code to how to manage data, security and customer privacy.
Physical and Network Security
DailyBot’s servers, databases and artifacts are securely hosted on Amazon AWS in the U.S. All of our users’ data is being processed in the U.S. See detailed information about AWS security.
AWS certifies their physical security with comprehensive compliance and controls, including allowing physical access to personnel with a validated business need, logged and monitored access, electronic surveillance and professional security personnel at all data center entry points. AWS is accredited against multiple security industry certifications including ISO27001. More details are available from the AWS website.
Each and every connection made to DailyBot is end-to-end encrypted over HTTPS, using TLS 1.3.
DailyBot forces HTTPS for all services, including our public website. Our customers' data is stored in containers encrypted with AES256 (a 256-bit Advanced Encryption Standard) in multiple physical locations within the United States.
These are some of our key practices in security.
Our team members, employees and contractors access our system through our role-based permission system. Each user has unique credentials (username and password). We deny by default and add privileges only for those who require access.
Our staff uses multi-factor authentication to access our systems.
We put a strong focus on our change management practices. Source code is reviewed by peers and managers, and automated alerts are sent when code is pushed to any branch in our repositories. Our infrastructure as code lets us track any change to our production systems with total accountability, and production releases require pull requests and sign-off by technical managers.
We use Continuous Integration tools to run automated tests and deploy to our pre-production environments. In addition to our automated tests, our team runs additional manual tests to make sure that everything is working properly. Once our code is approved, a senior member of our team releases it to production through automated systems that support rolling deploys and rollbacks.
We monitor every release and keep a log of our releases, scope and risks.
DailyBot’s systems are built on top of Amazon Web Services (AWS).
We take advantage of AWS security services for network and applications. Those services provide us with vulnerability scanning, monitoring, alerting, configuration and intrusion detection. We log application usage and exceptions, and we also track application runtime errors and alerts.
We use firewalls and have enabled mechanisms to protect our platform against activity such as DDoS attacks, malicious bots and other nefarious intrusions.
DailyBot uses AWS and other tools to scan for network vulnerabilities. We check daily against published security notices and required patches. We use release planning and change management. See the Bug Bounty program.
Any security issue is of high priority for us. In compliance with GDPR and regulations, we will inform all customers affected by an incident as soon as possible, in a period no longer than 72 hours.
Backups and redundancy
Automatic backups are part of our practices and are built into our different services. Our data is backed up and stored encrypted. Our runtime servers have redundancy so that if a server fails, another can take over the work automatically and instantaneously. We have a disaster recovery program.
About our Vendors
We work with third-party providers that comply with our security standards and they are evaluated regularly. Whenever we consider working with a vendor, we make sure that their security is the same or better than our own.
Security inside the application
Every DailyBot organization and user is the owner of its project and data. They have the control to invite, allow or disallow access to their organizations at any time. All users are encouraged to use OAuth, and it's also possible to use email/password. Enterprise plans can optionally enable 2FA for extra security. No customer or user keys or passwords are stored in the clear.
Secure software development
Our software development process requires developers to have sandboxed test environments that use their own test data. It's never possible to use production keys or data for local tests. At DailyBot we take code reviews very seriously in order to check changes and guarantee our application security. Every feature and release requires pull requests that are reviewed and approved by senior staff.
We can share more information about our practices and policies under NDA.
Industry standards for security with our world-class partners
ISO27001, SOC1, SOC2, PCI-DSS
Our services are hosted in AWS US-based facilities. AWS is accredited against multiple security industry certifications including ISO27001, SOC1, SOC2 and PCI-DSS. Additionally our payment partners (Stripe, Paddle) are PCI-DSS compliant.
Your data belongs to you
DailyBot is committed to keeping your data secure and private. The chatbot never stores conversations and it only processes the chat events that include the bot (private messages with the bot, or messages tagging the @dailybot). Customer and team personal data is treated in accordance with the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We sign Data Protection Agreements (DPA) with our Enterprise customers.
GDPR compliance and commitment
DailyBot is GDPR compliant in our practices to handle customer data. The company's commitment to the EU regulation is set to ensure that we handle data with deep care for privacy and data security.
We have a Data Protection Agreement (DPA) available for our customers.
Experienced engineers behind
We're committed to having experienced engineers building our technology and product. We make sure that every team member has the right qualifications and follows our standards, and every employee and contractor is subject to our background checks.