Dubb Platform Security and Compliance
Last updated: August 26, 2020
Dubb is a cloud application that provides video CRM software as a service. Our platform creates a seamless experience to create, share, and track videos with secure integrations into third-party software platforms.
Our software is designed to request the most limited access to customer resources to achieve a seamless video experience. We are continuously mindful of our customer’s privacy and limit access to all customer data on a need to know basis internally.
Dubb applies best security practices retaining a minimal amount of customer data and operating with the fewest privileges necessary to provide a great experience to our users.
This document is meant to be an overview of platform-related privacy, security, and compliance.
A Dubb user has the ability to record videos via the Dubb website ( https://dubb.com), Dubb mobile app (https://dubb.com/mobile-app), Dubb Outlook Add-on (https://dubb.com/outlook), and Dubb Chrome Extension (https://dubb.com/chrome). The Dubb Chrome Extension offers seamless integrations into a number of third party software applications such as Gmail, LinkedIn, HubSpot, Salesforce, and more. View all of our integrations here at https://dubb.com/integrations.
All connections from the browser to the Dubb platform are encrypted in transit using TLS. The platform's server certificate is signed with SHA-256 with RSA (sha256WithRSAEncryption); this is the certificate signature algorithm, and the session itself is protected by the cipher suite negotiated by TLS.
All data is encrypted at rest.
Dubb user passwords are never stored in plaintext; they are stored as salted password hashes.
The Dubb application is hosted on DigitalOcean. DigitalOcean continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. DigitalOcean is certified to the international standard ISO/IEC 27001:2013. By achieving third-party-audited compliance with this globally recognized information security controls framework, DigitalOcean has demonstrated a commitment to protecting sensitive customer and company information. Compliance with a framework is not the end of that commitment, but a necessary baseline for security. DigitalOcean's ISO/IEC 27001:2013 certificate can be viewed here.
For additional information see:
We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies. All of our services run in LXC containers that isolate processes, memory, and the file system, and host-based firewalls restrict applications from establishing local network connections. The services are configured with tight network security constraints to further limit any potential risk. DigitalOcean regularly conducts internal vulnerability assessments and patches the underlying systems.
Incident Response Plan
Dubb routinely monitors our external services and open source libraries for security issues and has executed Data Processing Addendums (DPAs) with our vendors to ensure prompt notification of data breaches. Dubb continuously scans its platform for service interruptions, performance degradation, and security vulnerabilities with automated tools that immediately alert our engineers when an incident has been detected. Users may also report security issues by email to email@example.com.
Whenever our engineering team is alerted to a security issue, the team determines which systems are affected and quickly contains the problem by disconnecting all affected systems and devices. Because all of our services run in containers that isolate processes, memory, and the file system, they are easily replaced and updated in their entirety, inhibiting further escalation.
If data is found to be affected, it is restored from clean backups. Secondary backups are also stored in DigitalOcean Spaces, which is fronted by a CDN. Restoring data does not by itself close the hole that was exploited, so the ephemeral services are patched and redeployed, which also removes any foothold an attacker or malware may have gained on the compromised instances. Systems are then monitored for any recurrence.
The Dubb engineering team analyzes every operations incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
Change Management Plan
New releases to the Dubb Platform are thoroughly reviewed and tested to ensure high availability and a great customer experience. Changes to our codebase are required to include unit tests, integration tests, and end-to-end tests. Changes are also run against our continuous integration server, which lets us automatically detect issues during development.
Once a changeset is completed, it is manually peer-reviewed by one or more members of the engineering team. The changeset is then evaluated and manually tested by our quality assurance team, who exercise the areas of expected impact, run regression tests, and further evaluate the user experience.
After a changeset is released, we continue to monitor application and log exceptions. These exceptions are regularly reviewed and triaged for resolution. Performance impacts of the changeset are monitored through several monitoring services.
Employee Screening and Policies
As a condition of employment, all Dubb employees undergo pre-employment background checks and receive training during onboarding and throughout their employment on company policies, security, GDPR, and other related security, privacy, and compliance topics.
You can count on the fact that Dubb is committed to GDPR compliance. We understand the importance of incorporating standards put forth by the General Data Protection Regulation (GDPR) into our data practices and making sure our customers, whether citizens of the EU or businesses that use Dubb with European customers, feel secure and confident to continue using Dubb. We have developed new features, enhanced existing functionalities, and established additional documentation regarding our efforts.
However, GDPR is a broad regulation. Since it’s new, and since there is no certification process, no company can legitimately claim that they are GDPR compliant. Dubb makes a good-faith effort to be compliant with GDPR, both now and as future developments come along.
If you integrate Dubb to share invitee information with another application, we designate invitees in GDPR countries as "transactional contacts" so that their information is only used to send information about orders, shipments, text messages, etc., unless they explicitly opt in to future marketing-related emails.
Dubb End User License Agreement
Our current End User License Agreement can be found here: