Data Security and Protection

Bookum ensures that data in transit is encrypted using the industry-standard Transport Layer Security (TLS) protocol, version 1.2.

Bookum uses Amazon S3 cloud storage and MongoDB, a non-relational database, to store user data securely. This covers user profiles, credentials, images and content shared by users. Both the MongoDB databases and the S3 storage buckets have strict access restrictions enabled, and data is encrypted at rest with 256-bit Advanced Encryption Standard (AES) keys, the industry standard.
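The two storage controls above (TLS-only access and encryption at rest) are the kind of thing a bucket policy can enforce and a reviewer can check mechanically. The script below is an added example, not Bookum's own code: it lints a constructed S3 bucket policy for a hypothetical `example-bucket` and reports whether it denies plaintext transport and unencrypted uploads. The condition keys `aws:SecureTransport` and `s3:x-amz-server-side-encryption` are real IAM/S3 keys; the bucket name and policy are made up for the example, and the check only recognises `"Principal": "*"` (not the equivalent `{"AWS": "*"}` form).

```python
"""Lint an S3 bucket policy for TLS-only access and SSE on every upload.

Added example, not Bookum's own code. The bucket name and policy document are
constructed; the condition keys are real S3/IAM condition keys.
"""
import json

# Constructed sample policy for a hypothetical bucket.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket",
                         "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {
            "Sid": "DenyUnencryptedPuts",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {
                "StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}
            },
        },
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _conditions(stmt):
    """Flatten a Condition block into (operator, key, value) triples, lower-cased."""
    triples = []
    for op, pairs in stmt.get("Condition", {}).items():
        for key, val in pairs.items():
            for v in _as_list(val):
                triples.append((op, key.lower(), str(v).lower()))
    return triples


def _deny_for_everyone(stmt, action):
    """True if stmt is a Deny applying to every principal that covers `action`.

    Simplification: only the literal "*" principal form is recognised.
    """
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    return (stmt.get("Effect") == "Deny"
            and stmt.get("Principal") == "*"
            and (action.lower() in actions or "s3:*" in actions))


def audit_policy(policy_json):
    """Return a list of findings; an empty list means both controls are present."""
    statements = json.loads(policy_json)["Statement"]
    findings = []

    tls_ok = any(_deny_for_everyone(s, "s3:*")
                 and ("Bool", "aws:securetransport", "false") in _conditions(s)
                 for s in statements)
    if not tls_ok:
        findings.append("no Deny for aws:SecureTransport=false (plaintext HTTP allowed)")

    sse_ok = any(_deny_for_everyone(s, "s3:PutObject")
                 and any(op == "StringNotEquals"
                         and key == "s3:x-amz-server-side-encryption"
                         for op, key, _ in _conditions(s))
                 for s in statements)
    if not sse_ok:
        findings.append("no Deny for uploads without s3:x-amz-server-side-encryption")
    return findings


def weakened_policy():
    """Same policy with the SSE statement dropped, to show a failing audit."""
    doc = json.loads(SAMPLE_POLICY)
    doc["Statement"] = [s for s in doc["Statement"] if s["Sid"] != "DenyUnencryptedPuts"]
    return json.dumps(doc)


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))      # []
    print(audit_policy(weakened_policy()))  # one finding about server-side encryption
```

The transport check matters even when S3 encrypts new objects by default, because encryption at rest says nothing about the path the data took to get there; the upload check is still useful to pin the algorithm the policy text names (AES-256 here) rather than whatever a client happens to send.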

Data Backups

Bookum user data is backed up continuously with encryption enabled, so that users' work is preserved regardless of incidents.

Bookum takes a full database snapshot daily; snapshots are not publicly accessible and are retained for 14 days.
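A retention rule like the one above is only as good as the check that it is actually being followed. The script below is an added example, not Bookum's own backup tooling: it audits a constructed snapshot inventory for gaps in daily coverage, snapshots kept past the 14-day window, and snapshots that are unencrypted or public. The inventory records and the fixed "today" date are made up, and reading "retained for 14 days" as "a snapshot 14 or more days old should already be gone" is an assumption of the example.

```python
"""Audit a daily-snapshot inventory against a 14-day retention policy.

Added example, not Bookum's own tooling. The inventory is constructed, and the
"age >= retention_days means it should have been pruned" reading is an assumption.
"""
from datetime import date, timedelta

TODAY = date(2024, 3, 15)  # fixed "now" so the example is deterministic


def _snapshot(day, **overrides):
    """Build one constructed inventory record for the snapshot taken on `day`."""
    rec = {"id": f"snap-{day.isoformat()}", "taken": day.isoformat(),
           "encrypted": True, "public": False}
    rec.update(overrides)
    return rec


# Constructed healthy inventory: exactly 14 daily snapshots ending today.
HEALTHY = [_snapshot(TODAY - timedelta(days=n)) for n in range(14)]

# Constructed broken inventory: one day missing, plus a stale snapshot that is public.
BROKEN = [s for s in HEALTHY if s["taken"] != "2024-03-10"]
BROKEN.append(_snapshot(date(2024, 2, 27), id="snap-stale", public=True))


def audit_snapshots(snapshots, today, retention_days=14):
    """Return a list of findings; an empty list means the inventory matches the policy."""
    findings = []
    covered = set()
    for s in snapshots:
        taken = date.fromisoformat(s["taken"])
        age = (today - taken).days
        if age >= retention_days:
            findings.append(f"{s['id']}: {age} days old, past the {retention_days}-day retention")
        if not s["encrypted"]:
            findings.append(f"{s['id']}: not encrypted")
        if s["public"]:
            findings.append(f"{s['id']}: publicly accessible")
        covered.add(taken)
    # Every day inside the retention window must have a snapshot.
    for n in range(retention_days):
        day = today - timedelta(days=n)
        if day not in covered:
            findings.append(f"no snapshot for {day.isoformat()}")
    return findings


if __name__ == "__main__":
    print(audit_snapshots(HEALTHY, TODAY))  # []
    for finding in audit_snapshots(BROKEN, TODAY):
        print(finding)
```

Running this from a scheduled job against the real inventory turns the "14 days" statement into something that alerts when it stops being true, which is what an auditor will ask for.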

Infrastructure, Network-level and Application Security Monitoring

We use a cloud-native approach, running all services on Amazon Web Services rather than managing private hosting infrastructure. AWS provides strong security for its facilities and compliance with key certifications, and those safeguards extend to our systems as well. Building on their reliable cloud platform allows us to focus on our products rather than the underlying infrastructure. Details on AWS protections can be found in their documentation.

We use virtual private cloud (VPC) partitioning to isolate public-facing and private infrastructure. Production and non-production (pre-production) systems reside in separate VPCs. Network flows between them are governed by port-level access controls.

Activity logs are retained to provide detailed audit histories, tracing application actions over time for review. We also combine our log monitoring with exceptional anomaly detection, which allows us to identify abnormal application behavior.
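One concrete form of "anomaly detection over application logs" is a per-user baseline of activity per minute, with bursts far above that baseline flagged for review. The script below is an added example, not Bookum's detection logic: it parses constructed log lines in a made-up `timestamp user= action= status=` format, builds a robust baseline from each user's own history (median and median absolute deviation rather than mean and standard deviation, so the burst does not inflate its own threshold), and reports the minutes that exceed it.

```python
"""Flag bursts of per-user activity in application logs using a median/MAD baseline.

Added example, not Bookum's own detection logic. The log format and every line
below are constructed for this example.
"""
import re
from collections import Counter
from statistics import median

LINE_RE = re.compile(
    r"^(?P<minute>\d{4}-\d\d-\d\dT\d\d:\d\d):\d\dZ user=(?P<user>\S+) "
    r"action=(?P<action>\S+) status=(?P<status>\d+)$"
)


def _make_lines(user, per_minute_counts, hour=10):
    """Build constructed log lines: per_minute_counts[m] events in minute m."""
    lines = []
    for minute, n in enumerate(per_minute_counts):
        for i in range(n):
            lines.append(f"2024-03-15T{hour:02d}:{minute:02d}:{i % 60:02d}Z "
                         f"user={user} action=view_book status=200")
    return lines


# alice: steady 2-4 requests/minute, then a 40-request burst in minute 10.
# bob: flat 2 requests/minute, nothing abnormal.
LOG_LINES = (_make_lines("alice", [3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 40])
             + _make_lines("bob", [2] * 11))


def per_minute_counts(lines):
    """Count events per (user, minute); lines that do not parse are ignored."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[(m["user"], m["minute"])] += 1
    return counts


def detect_bursts(lines, k=5.0, floor=10):
    """Return [(user, minute, count)] for minutes far above the user's own baseline.

    Threshold per user = median + k * 1.4826 * MAD (the 1.4826 factor scales MAD
    to roughly one standard deviation for normal data). The threshold is never
    lower than `floor`, so a perfectly flat baseline (MAD = 0) does not flag
    every one-request deviation.
    """
    counts = per_minute_counts(lines)
    by_user = {}
    for (user, minute), n in counts.items():
        by_user.setdefault(user, []).append((minute, n))

    anomalies = []
    for user, buckets in by_user.items():
        values = [n for _, n in buckets]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        threshold = max(med + k * 1.4826 * mad, floor)
        for minute, n in sorted(buckets):
            if n > threshold:
                anomalies.append((user, minute, n))
    return anomalies


if __name__ == "__main__":
    for user, minute, n in detect_bursts(LOG_LINES):
        print(f"burst: {user} made {n} requests in minute {minute}")
```

The design choice worth noting is the robust statistic: with a mean-based threshold the single 40-request minute would pull alice's own mean and standard deviation up so far that it barely trips the alarm, whereas the median/MAD baseline stays at her normal 3 requests per minute.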

Employee Access and Change Management

  • Bookum's controls prevent unauthorized code alterations, and every access request from an employee is logged.
  • Production deployments are restricted so that only a limited subset of employees can push live changes.
  • Sensitive data and access tokens are handled securely; our DevSecOps processes ensure they never enter code repositories.
  • A Non-Disclosure and Confidentiality Agreement must be signed by all staff upon employment to safeguard sensitive customer data. This legally binds employees to preserve the privacy of any customer information they encounter.
  • Employees who leave the company have all permissions and access revoked, and employees whose role and tasks do not require access to an asset are not granted it.
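The "tokens never enter code repositories" control is typically backed by a check that runs before a commit or push is accepted. The script below is an added example, not Bookum's DevSecOps tooling: it scans the added lines of a constructed unified diff for an AWS access key ID (fixed `AKIA` + 16 uppercase alphanumerics) and for assignments of high-entropy values to names like `api_key`, `secret`, `token` or `password`, using a Shannon entropy floor so placeholders and constants are not reported. The diff, the variable names and the `api_key` value are made up; the `AKIAIOSFODNN7EXAMPLE` value is the placeholder key ID AWS uses in its own documentation, not a live credential.

```python
"""Pre-commit style secret scanner over the added lines of a unified diff.

Added example, not Bookum's own DevSecOps tooling. The staged diff is
constructed; the AKIA... value is AWS's documentation placeholder key ID.
"""
import math
import re
import sys

# Constructed staged diff: two real-looking secrets, one env placeholder,
# one low-entropy default, and two harmless constants.
STAGED_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,4 +1,7 @@
 MAX_RETRIES = 3
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "<set-in-ci-env>"
+api_key = "q7Hf3kLp9ZxW2vRt8NbYcE4mAsDg"
+password = "changeme_changeme"
 SESSION_TOKEN_TTL = 3600
"""

# (name, pattern); the candidate value is always captured as group "v".
PATTERNS = [
    ("aws_access_key_id",
     re.compile(r"(?<![A-Z0-9])(?P<v>AKIA[0-9A-Z]{16})(?![A-Z0-9])")),
    ("assigned_secret",
     re.compile(r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*"
                r"['\"]?(?P<v>[A-Za-z0-9/+_\-]{16,})['\"]?")),
]

ENTROPY_MIN = 3.5  # bits per character; random-looking tokens score well above this


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_added_lines(diff_text):
    """Return (diff line number, pattern name, redacted prefix) for suspicious '+' lines."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        content = line[1:]
        for name, pat in PATTERNS:
            m = pat.search(content)
            if not m:
                continue
            value = m["v"]
            # The key-ID format is fixed, so it needs no entropy test; an assigned
            # value must look random, so constants and placeholders are skipped.
            if name == "aws_access_key_id" or shannon_entropy(value) >= ENTROPY_MIN:
                findings.append((lineno, name, value[:4] + "..."))
                break
    return findings


if __name__ == "__main__":
    hits = scan_added_lines(STAGED_DIFF)
    for lineno, name, redacted in hits:
        print(f"diff line {lineno}: possible {name} ({redacted})")
    sys.exit(1 if hits else 0)  # a non-zero exit blocks the commit in a hook
```

The scanner prints only a redacted prefix of each candidate so that the hook's own output never becomes a second place the secret is written down; the entropy floor is what keeps `password = "changeme_changeme"` and the `<set-in-ci-env>` placeholder out of the report.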