Privacy and Security
Customer Privacy and Data Security Across All Touchpoints
CommBox offers enterprise-grade security, with complete encryption of sensitive information, from users to end-consumers. Read on our security and compliance.






Product Security
Our bulletproof security guarantees the secure transport of data as well as automatic identification and obfuscation of sensitive information, IP whitelisting, advanced data filtering, flexible deployment models (cloud, private cloud, and on-premise), and much more.
Permits user authentication in the system without forcing them to type in additional sign-in credentials. Additionally, within the SSO we support SAML, LDAP, and AD.
Two-step verification and authentication process used as an extra layer of security. It will send an SMS message to the stored phone number of the user with a one-time code after password typed in to verify the user identity.
Password storage
CommBox use a password complexity standard and credentials are stored using a PBKDF2 function. PBKDF2 are key derivation functions with a sliding computational rate, used to reduce vulnerabilities to brute force attacks.
CommBox allows permission level within the platform to be set for system admins and managers. Each agent can assign with multiple permissions such as: channels, modules, general settings, and more.
Access to the system can only be restricted through authorized IP addresses. Additionally, user actions can be tracked in the system.
The integration process is done in REST. The integration between CommBox and the customer is done through a unique token and HTTPS secure server.

Network & Data Security
CommBox ensures complete data encryption, backup and recovery. Our customers’ data are stored on AWS servers, backed up two weeks back.
CommBox platform and data are hosted in Amazon Web Services (AWS) facilities EU (west1) in Ireland.
All data is stored on two separate servers (production + backups) on AWS server farm. All information is backed up on the backup server up to two weeks back. In case the production server is unavailable, the backup server is available with the entire data.
CommBox have a well-planned recovery plan. All the information is in a formal document that we can provide by demand.
All data traffic passed through CommBox is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL and score an “A” rating. Additionally, CommBox encrypt data at rest using an industry-standard AES-256 encryption algorithm for maximum security.

Compliance & Confidentiality
CommBox is GDPR and ISO compliant, and acts under the privacy protection law. Each CommBox customer signs an NDA to ensure confidentiality across all touchpoints.
CommBox complies with the EU GDPR (European Union General Data Protection Regulation) framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. CommBox has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement. Official documents are available by demand.
We sign and undertake to sign every NDA (nondisclosure agreement).
All CommBox employees are signed on a general document commitment to maintaining confidentiality.
CommBox manage security and control measures under the Privacy Protection Law. CommBox manage a registered database. Our data base registration number: 600010836.
See CommBox Data Processing Agreement – DPA
For any concerns regarding privacy and security please email us at: [email protected]