verybusy.io - Platform Security & Infrastructure Overview
At verybusy.io, the security and privacy of your team's data are top priorities. Below is a comprehensive overview of the platform's infrastructure, vendor tools, and ongoing compliance measures.
Compliance & Audit Status
verybusy.io is currently undergoing a SOC I Type I audit in partnership with Drata and Assurance Labs.
For enterprise clients, a letter of engagement is available upon request.
We are on track to complete the SOC I audit by end of Q2 2025, with our SOC II observation period beginning immediately after.
Enterprise-Grade Account Security
We protect user access with layered authentication protocols:
All users must create a password-protected profile and verify their email before accessing any project.
Two-Factor Authentication (2FA) is available in user settings.
Single Sign-On (SSO) is supported via Google and Microsoft.
Enterprise clients can also enable SAML-based SSO with SCIM provisioning for centralized authentication and automated user management.
Cloud Infrastructure & Data Protection
verybusy.io is hosted on Amazon Web Services (AWS), leveraging its secure and scalable cloud platform. We utilize a wide range of AWS services to ensure security and operational resilience. Additionally, we integrate third-party tools like New Relic to extend observability and application performance monitoring across our stack:
Security & Compliance
AWS WAF - Web Application Firewall
AWS Shield - DDoS protection
AWS GuardDuty - Threat detection
AWS Inspector - Automated vulnerability management
AWS Secrets Manager - Credential and token storage
AWS KMS (Key Management Service) - Key control and policy management
IAM & IAM Access Analyzer - Access control and policy validation
CloudTrail - Activity logging and auditing
Monitoring & Observability
CloudWatch & CloudWatch Events - Metrics, logs, and system-level monitoring
SNS (Simple Notification Service) - Real-time alerts and notifications
New Relic - Full-stack application performance monitoring and anomaly detection
Core Infrastructure
EC2 (Instances & Other) - Compute resources
VPC - Isolated networking and routing
Elastic Load Balancing (ELB) - High-availability traffic management
ECR & ECS - Container registry and orchestration
Lambda - Event-based serverless execution
Route 53 - Global DNS resolution
CloudFront - Content delivery and caching
SES (Simple Email Service) - Email notifications
CloudShell - Secure CLI management
Storage & Data Management
Amazon S3 - Secure object storage
RDS - Managed relational databases
DynamoDB - High-speed NoSQL data layer
ElastiCache - Memory caching
Glacier - Long-term archival storage
Automation & DevOps
CloudFormation - Infrastructure as code
Service Catalog - Pre-approved deployment configurations
Kinesis Firehose - Log streaming and delivery pipelines
Third-Party Vendors
GitHub (Code Management)
We use GitHub as our source control and code collaboration platform. GitHub helps us manage versioning, peer reviews, CI/CD workflows, and integrates securely with our deployment pipeline.
Imgix (CDN)
We use Imgix as a content delivery network (CDN) for real-time image processing and secure global delivery. Their security and compliance posture is detailed here:
Imgix Security & Compliance
Intercom (User Communication)
For customer support, onboarding, and in-app messaging, we use Intercom. Intercom's infrastructure is compliant with major standards and certifications:
Intercom Trust Center
New Relic (Performance Monitoring)
We use New Relic to monitor application performance and availability across the stack. It provides real-time observability, alerting, and error tracking to ensure a smooth user experience.
Network & Database Access Controls
Access to our production database is strictly limited to IPs within our VPC.
External access (including internal team members) is denied by default unless explicitly granted for maintenance or support needs.
Content Privacy & File Management
Files are stored on Amazon S3 and served via time-limited, signed URLs.
We also use secure URLs through Imgix and other trusted infrastructure where needed.
Assets remain available until deleted by the user or workspace owner.
Trial user content is purged after 90 days of inactivity.
We never access, use, or share your content without explicit consent.
Payment & Billing Security
All billing is handled through Stripe, a PCI DSS Level 1 certified provider.
Stripe uses secure tokenization and fraud prevention measures to protect all payment data.
Security Questionnaires
If you are an enterprise customer and need to complete a security questionnaire, please contact your account representative.