Security & Trust

Last Updated: February 2026

Security is foundational to CueBoard. We know that entrusting us with your customer feedback data is an important decision. Here's how we protect it.

Our Security Commitment

CueBoard is committed to delivering powerful product intelligence while safeguarding the data you share with us. We've built security into every layer of our platform — from infrastructure to application to operations.

We ensure that each customer's data is kept safe and separate from other customers' data. CueBoard staff cannot access your data without your explicit permission, and we never use your data for any purpose other than providing the service you've contracted for.

Compliance

We validate our security controls through independent assessments:

  • SOC 2 Type II: Certification in progress — expected Q2 2026
  • GDPR: Compliant data processing for EU customers
  • CCPA: Compliant data handling for California residents

Our infrastructure is hosted on Amazon Web Services (AWS), which maintains compliance with ISO 27001, SOC 1/2/3, PCI DSS, and other frameworks. Learn more at aws.amazon.com/compliance.

Infrastructure Security

Redundant & Scalable Architecture

  • Deployed across multiple AWS availability zones in India
  • Auto-scaling infrastructure to handle demand spikes
  • Network isolation with properly configured security groups
  • DDoS protection and rate limiting

Encryption

  • In transit: TLS 1.2+ with modern cipher suites for all connections
  • At rest: AES-256 encryption for all stored data
  • Key management: Strict key rotation policies with access limited to authorized personnel

Monitoring & Detection

  • 24/7 monitoring for suspicious activity and potential threats
  • Automated alerting for anomalous behavior
  • Comprehensive logging and audit trails
  • Regular vulnerability scanning

Disaster Recovery

  • Data replicated across multiple availability zones
  • Daily backups with defined retention periods
  • Documented recovery procedures, regularly tested
  • RTO and RPO targets defined and monitored

Application Security

Authentication & Access Control

  • Single Sign-On (SSO) support via SAML 2.0 and OAuth
  • Multi-factor authentication (MFA) available for all accounts
  • Strong password requirements with secure hashing (bcrypt)
  • Role-based access control (RBAC) with granular permissions
  • Session management with automatic timeout

Data Isolation

  • Multi-tenant architecture with strict logical separation
  • Each customer assigned a unique identifier for access control
  • No cross-tenant data access possible
  • API authentication required for all data access

Secure Development

Development Practices

  • Documented Software Development Lifecycle (SDLC)
  • Security review as part of the design process
  • Peer code review before deployment
  • Automated security testing in CI/CD pipeline
  • Dependency scanning for known vulnerabilities

Penetration Testing

  • Annual third-party penetration testing
  • Findings remediated based on severity
  • Continuous improvement of security posture

Personnel Security

  • Background checks for all employees with system access
  • Security and privacy training upon hire and annually
  • Confidentiality agreements required
  • Principle of least privilege for system access
  • Regular access reviews and prompt offboarding

Incident Response

We maintain a documented incident response plan that includes:

  • Clear escalation procedures
  • Root cause analysis
  • Impact assessment and containment
  • Customer notification within 72 hours for data breaches
  • Post-incident review and improvement

Privacy by Design

  • PII detection and scrubbing capabilities
  • Data minimization — we only collect what's needed
  • Configurable data retention policies
  • Right to deletion honored promptly
  • No sale or sharing of customer data

AI Security

Our AI processing follows strict security guidelines:

  • Customer data not used to train AI models
  • Isolated processing environments
  • Enterprise agreements with AI providers
  • Output validation and human review recommended

Report a Vulnerability

If you've identified a security vulnerability in CueBoard, please report it responsibly:

We appreciate security researchers who help us keep CueBoard safe.

Questions?

For security inquiries or to request our security documentation: