Security & Compliance
Our customers rely on BetterCloud to manage and secure mission-critical SaaS applications and the data inside them. To protect our customers’ environments, BetterCloud uses best-in-class infrastructure, protected by top security experts.
Download our Security and Compliance White Paper to learn more.
If you are here to sign a GDPR Data Protection Agreement with BetterCloud, please click here.
Compliance & Certifications
BetterCloud is certified for a number of compliance standards and controls, and undergoes independent third party audits to test for data safety, privacy, and security.
A SOC 2, Type II attestation reports on controls relevant to security, availability, processing integrity, confidentiality, or privacy. SOC 2, Type II is intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization.
Download a copy of BetterCloud’s SOC 3 Report. Please reach out to your Customer Success Manager or Account Executive to receive a copy of BetterCloud’s SOC 2 report.
The Cloud Security Alliance’s (CSA) Security, Trust & Assurance Registry (STAR) is a free, publicly-accessible registry that offers a security assurance program for cloud services, helping users assess the security posture of the cloud providers they currently use or are considering using.
BetterCloud has achieved Level 1 status with the CSA STAR program. You can view our registry entry with the CSA STAR program, along with the results of our self-assessment and related supporting documentation, by visiting https://cloudsecurityalliance.org/star/registry/bettercloud/.
Privacy Shield certification ensures that BetterCloud’s privacy and data collection practices are in line with European regulatory requirements. In addition, they have been reviewed and approved by an independent third party based on the guidelines set forth by Privacy Shield for transparency, accountability, and choice regarding the collection and use of a consumer’s personal information.
The BetterCloud Master Subscription Agreement (MSA) and Data Processing Addendum (DPA) address the obligations and requirements of the California Consumer Privacy Act (CCPA) and European Union General Data Protection Regulation (GDPR), respectively. These documents make it easy for customers to share information with their stakeholders, including compliance and privacy managers, customers and potential auditors. For more information, see the Privacy FAQ section below.
The BetterCloud MSA and DPA are supported by the people, processes and technology necessary for protection of customer personal data in compliance with legal and contractual obligations for regulations such as CCPA and GDPR. The key activities implemented for privacy regulations are listed below.
- Provided awareness sessions with customer-facing staff on their roles and responsibilities for compliance
- Updated company-wide security awareness materials to include new customer personal data protection and privacy practices
- Established and assigned data protection roles and responsibilities
- Established email@example.com firstname.lastname@example.org for data subjects to submit requests
- Retained outside counsel with extensive expertise in privacy and security matters to provide ongoing advisory services for privacy compliance
- Established and maintained registers of customer personal data collection and processing activities
- Completed a privacy risk assessment to support customer data protection impact assessments
- Maintained SOC 2 security and confidentiality controls to support processing activities for protection of customer personal data
- Established DPAs and CCPA addenda with sub-processors of customer personal data
- Provided the MSA, CCPA addendum, and DPA upon request from email@example.com to support customer compliance
- Established a privacy-by-design checklist
- Removed special categories of data from the product
- Implemented new features to support data subject requests from customers exercising their rights to erasure and data portability
GDPR & CCPA FAQ
1. What personal data is processed by BetterCloud?
BetterCloud processes the following types of personal data:
- Contact and job information (Name, Email, Phone, Photo, Title, Address, Department, Manager)
- User information (IP address, user activity, helpdesk tickets, satisfaction data)
- Payment information
2. What categories of individuals (aka data subjects) does the personal data come from?
BetterCloud processes personal data from customers’ SaaS application users and administrators.
3. Where does BetterCloud store customer personal data?
All customer personal data is stored by BetterCloud on the Google Cloud Platform (GCP) using datacenters located in the United States of America. BetterCloud maintains Privacy Shield certification to provide an adequate level of protection for data transfers from the EU.
If you have any questions, please contact your Account Executive, Customer Success Manager, or email firstname.lastname@example.org.
4. How do I obtain a Data Processing Addendum?
We make it easy for our customers to formalize, and share with stakeholders (including employees, customers, and potential auditors), that they use BetterCloud in a way that meets GDPR data processing obligations. The DPA, pre-signed by BetterCloud, is a self-serve, easy-to-execute document that only requires an electronic signature from the customer.
After you execute the DPA, it will automatically be sent to the BetterCloud Legal team, and if accurately completed, the DPA will then become legally binding. We’ll communicate with you in the event of any issues. Send questions to email@example.com.
5. Does BetterCloud use any third parties (“sub-processors”) to process customer personal data?
Yes, we do. See the sub-processors page for a list of third parties with access to customer personal data.
6. Can BetterCloud help me respond to data subject requests?
Yes, we have established an SOP to support customer data subject requests in compliance with GDPR and CCPA requirements. Please submit requests to your Customer Success Manager, Technical Support, or firstname.lastname@example.org.
BetterCloud’s security model is an end-to-end process, spanning application authentication and metadata storage, the hosting services that power our software, employee data management, and physical security.
- Usernames and passwords are never created, given, or stored by BetterCloud, as all user logins are verified using Single Sign-On.
- The OAuth 2.0 open standard allows customers to authorize BetterCloud to access their SaaS application without sharing personal account credentials.
- Role-Based Privileges enable admins to limit the permissions of some users within a team, including Help Desk, HR, or Security.
- Privileges are built on a multi-tiered system and include functionality to limit users to create, read, edit, or delete actions across applications and specific data objects (such as files or groups).
- BetterCloud accesses APIs for metadata around users, user email settings, groups, organizational units, contacts, calendars, calendar resources, documents, domain settings, and third-party application scope approvals.
- BetterCloud enables customers to scan files in cloud systems such as Google Drive, Box, and Slack for certain attributes, but it never stores the content of those searches. BetterCloud only stores the metadata related to those files (e.g. document name, date last modified, owner, document size).
- BetterCloud logs the relevant activity into a system that is immutable, time-synced, and accessible by account admins. Audit logs are fully exportable and can be searched easily within the application.
- The event logs contain: BetterCloud user activities, the application affected by the event, the status of the event (success/failed), the event type, a timestamp, and a brief description.
Secure Internet Connectivity (HTTPS)
- All of the BetterCloud application’s externally-facing services use HTTPS to ensure encryption in transit of all customer information, whether that connection is established with a customer’s local web browser or an API endpoint at one of the many SaaS integrations being managed and secured.
- The BetterCloud application uses Transport Layer Security (TLS) version 1.2 or higher to protect HTTPS communications.