verybusy.io - Platform Security & Infrastructure Overview
At verybusy.io, the security and privacy of your team's data are top priorities. Below is a comprehensive overview of the platform's infrastructure, vendor tools, and ongoing compliance measures.
Compliance & Audit Status
For enterprise clients, a letter of engagement is available upon request.
We are on track to complete the SOC 2 Type I audit by Q1 2026, with our SOC 2 Type II observation period beginning immediately after.
Enterprise-Grade Account Security
We protect user access with layered authentication protocols:
All users must create a password-protected profile and verify their email before accessing any project.
Two-Factor Authentication (2FA) is available in user settings.
Single Sign-On (SSO) is supported via Google and Microsoft.
Enterprise clients can also enable SAML-based SSO with SCIM provisioning for centralized authentication and automated user management.
Cloud Infrastructure & Data Protection
verybusy.io is hosted on Amazon Web Services (AWS), leveraging its secure and scalable cloud platform. We utilize a wide range of AWS services to ensure security and operational resilience. Additionally, we integrate third-party tools like New Relic to extend observability and application performance monitoring across our stack:
Security & Compliance
AWS WAF - Web Application Firewall
AWS Shield - DDoS protection
AWS GuardDuty - Threat detection
AWS Inspector - Automated vulnerability management
AWS Secrets Manager - Credential and token storage
AWS KMS (Key Management Service) - Key control and policy management
IAM & IAM Access Analyzer - Access control and policy validation
CloudTrail - Activity logging and auditing
Monitoring & Observability
CloudWatch & CloudWatch Events - Metrics, logs, and system-level monitoring
SNS (Simple Notification Service) - Real-time alerts and notifications
New Relic - Full-stack application performance monitoring and anomaly detection
Core Infrastructure
EC2 (Instances & Other) - Compute resources
VPC - Isolated networking and routing
Elastic Load Balancing (ELB) - High-availability traffic management
ECR & ECS - Container registry and orchestration
Lambda - Event-based serverless execution
Route 53 - Global DNS resolution
CloudFront - Content delivery and caching
SES (Simple Email Service) - Email notifications
CloudShell - Secure CLI management
Storage & Data Management
Amazon S3 - Secure object storage
RDS - Managed relational databases
DynamoDB - High-speed NoSQL data layer
ElastiCache - Memory caching
Glacier - Long-term archival storage
Automation & DevOps
CloudFormation - Infrastructure as code
Service Catalog - Pre-approved deployment configurations
Kinesis Firehose - Log streaming and delivery pipelines
Third-Party Vendors
We notify all VeryBusy.io users by email whenever we add, remove, or materially change a third-party vendor that processes their data.
Amazon Web Services (Cloud Infrastructure)
We use Amazon Web Services (AWS) to host core application services, including compute, storage, databases, networking, and security controls. Data is encrypted at rest and in transit. Access is restricted through IAM with least privilege and MFA, and services are deployed across AWS regions for availability and resilience.
AWS Security and Compliance Center
AWS SOC Reports via AWS Artifact
AWS Shared Responsibility Model
GitHub (Code Management)
We use GitHub as our source control and code collaboration platform. GitHub helps us manage versioning, peer reviews, CI/CD workflows, and integrates securely with our deployment pipeline.
Imgix (Image Processing and CDN)
We use Imgix as a content delivery network (CDN) for real-time image processing and secure global delivery. Their security and compliance posture is detailed here:
Imgix Security & Compliance
Intercom (User Communication)
For customer support, onboarding, and in-app messaging, we use Intercom. Intercom's infrastructure is compliant with major standards and certifications:
Intercom Trust Center
New Relic (Performance Monitoring)
We use New Relic to monitor application performance and availability across the stack. It provides real-time observability, alerting, and error tracking to ensure a smooth user experience.
Stripe (Payments and Billing)
We use Stripe to process payments and manage subscriptions. Card data is sent directly to Stripe and never stored on VeryBusy systems. Stripe is PCI DSS Level 1 compliant. Webhooks are verified and access is restricted by least privilege.
Stripe Security
Stripe Compliance and PCI
Stripe Privacy Center
Network & Database Access Controls
Access to our production database is strictly limited to IPs within our VPC.
External access (including internal team members) is denied by default unless explicitly granted for maintenance or support needs.
Content Privacy & File Management
Files are stored on Amazon S3 and served via time-limited, signed URLs.
We also use secure URLs through Imgix and other trusted infrastructure where needed.
Assets remain available until deleted by the user or workspace owner.
Trial user content is purged after 90 days of inactivity.
We never access, use, or share your content without explicit consent.
Payment & Billing Security
All billing is handled through Stripe, a PCI DSS Level 1 certified provider.
Stripe uses secure tokenization and fraud prevention measures to protect all payment data.
Security Questionnaires
If you are an enterprise customer and need to complete a security questionnaire, please contact your account representative.
