blankWe put data security and customer privacy as our top priority.

CommBox offers enterprise-grade security capabilities that ensures full encryption on rest of sensitive information. Our bulletproof security is packed with features that offer secure transport of data as well as automatic identification and obfuscation of sensitive information, IP whitelisting, advanced data filtering, flexible deployment models (cloud, private cloud, and on-premise), and much more.

The CommBox platform is used by organizations that demand high level, information security standards such as: banks, insurance companies, large retailers, healthcare and government organizations.

Product Security

Single sign-on (SSO) – Permits user authentication in the system without forcing them to type in additional sign-in credentials.
Additionally, within the SSO we support SAML, LDAP, and AD.
Two factor authentication (2FA) - Two-step verification and authentication process used as an extra layer of security. It will send an SMS message to the stored phone number of the user with a one-time code after password typed in to verify the user identity.
Password storage - CommBox use a password complexity standard and credentials are stored using a PBKDF2 function. PBKDF2 are key derivation functions with a sliding computational rate, used to reduce vulnerabilities to brute force attacks.
Permissions – CommBox allows permission level within the platform to be set for system admins and managers. Each agent can assign with multiple permissions such as: channels, modules, general settings, and more.
Access restriction - Access to the system can only be restricted through authorized IP addresses. Additionally, user actions can be tracked in the system.
Integration – The integration process is done in REST. The integration between CommBox and the customer is done through a unique token and HTTPS secure server.

Network & Application Security

Data Hosting and Storage – CommBox platform and data are hosted in Amazon Web Services (AWS) facilities EU (west1) in Ireland.
Recovery plan – CommBox have a well-planned recovery plan. All the information is in a formal document that we can provide by demand.
Backup - All data is stored on two separate servers (production + backups) on AWS server farm. All information is backed up on the backup server up to two weeks back. In case the production server is unavailable, the backup server is available with the entire data.
Encryption - All data traffic passed through CommBox is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL and score an “A” rating. Additionally, CommBox encrypt data at rest using an industry-standard AES-256 encryption algorithm for maximum security.
Third party vendors – CommBox uses third party security tools to constantly check for vulnerabilities. CommBox security officer/s perform detailed penetration tests on the application and infrastructure side.
Accessing services from the Internet
  • Our company provides product over the internet (SAAS).
  • The site is AWS cloud base and has gone through the required vulnerability tests.
  • Permeability tests are carried out by our customers.

Added Security Features

GDPR compliance – CommBox complies with the EU GDPR (European Union General Data Protection Regulation) framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries. CommBox has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement. Official documents are available by demand.
Privacy protection law – CommBox manage security and control measures under the Privacy Protection Law. CommBox manage a registered database. Our data base registration number: 600010836.
Confidentiality - We sign and undertake to sign every NDA (nondisclosure agreement).
All CommBox employees are signed on a general document commitment to maintain confidentiality.
Information Security Training – CommBox conduct seminars about customer information sensitivity upon employee entry. In addition, the subject is annually refreshed among all CommBox employees.

If you have any questions about security procedures, you can contact us at:

Learn why customers choose CommBox for their customer communications.

Request a Demo

We have rebranded blank

Thank you BumpYard. Hello CommBox

Say hello to, the intelligent customer communication center for live and automated interactions.

We’re extremely excited to announce that we have changed our company name to CommBox. It’s still the same company with the same awesome people! just a new name, a fresh look, and a brighter future.

Read full story