This technology platform is operated by Boss Insights, a Canadian technology company that provides financial institutions with the ability to engage with their business customers.

Boss Insights values security and holds customers' data in high regard. Your data will be managed by Boss Insights and secured by various measures held to high standards. Your data is only shared with your financial institution for their legitimate business purposes under the terms agreed when you signed up for their service and will be treated in accordance with their Privacy Policy. Continue reading to learn more about the steps Boss Insights takes.

Data Security & Encryption

Boss Insights uses SSL 256-bit encryption for transmitting data and 256-bit server-side encryption for data at rest on our systems. Their systems are hosted on Amazon Web Services. Your data will reside in various secure data centers within a given country (US, Canada, UK) and may be relocated from time to time in order to maintain availability of their service to you.

Audited

Boss Insights is audited regularly by an accredited member of the American Institute of Certified Public Accountants (AICPA) for SOC2 compliance. This ensures not only that Boss Insights operates its business and technology platform in a secure and private way, but also that this is verified by an independent party.

Tested

Boss Insights takes a proactive approach with penetration testing, also known as pen testing. This involves hiring an external party to test their organization's computer systems, networks, and applications for vulnerabilities and weaknesses that hackers or cybercriminals could exploit to gain unauthorized access to sensitive information. By catching any vulnerabilities beforehand, they ensure security and data privacy.


What is SOC2?

SOC2 stands for Systems and Organization Controls 2 and refers to a security framework outlining how companies should handle customer data that is stored in the cloud. It's a type of audit report that organizations can obtain to demonstrate that they have adequate controls in place to protect the security, availability, processing integrity, confidentiality, and privacy of their customers' data. In other words, it's like a stamp of approval that shows that the organization has taken the necessary steps to protect the sensitive information that they handle.

It's important for companies that provide services to other companies, such as cloud providers or software as a service (SaaS) providers, to obtain SOC2 reports to demonstrate their commitment to security and privacy. To obtain a SOC2 report, the organization has to undergo an audit by an independent third party who evaluates their controls and procedures. If the organization passes the audit, they receive a report that they can share with their customers and other stakeholders to demonstrate their commitment to security and privacy.

Boss Insights maintains a SOC2 Type 2 audit by an AICPA-accredited auditing firm.

What Is Penetration Testing?

Penetration testing is often abbreviated to pen testing, as shown on the badge at the top of this page. It is a process of testing an organization's computer systems, networks, and applications for vulnerabilities and weaknesses that hackers or cybercriminals could exploit to gain unauthorized access to sensitive information.

During a penetration test, a trained professional, often referred to as a "pen tester," attempts to simulate the actions of a hacker by using various techniques and tools to identify potential vulnerabilities. The goal is to uncover weaknesses before they can be exploited by real attackers and to help organizations strengthen their defenses to better protect their sensitive data. Penetration testing is necessary for data privacy and security because it helps identify potential security risks and vulnerabilities that could lead to data breaches and cyber attacks. By discovering these weaknesses, organizations can take proactive measures to fix them before they can be exploited by malicious actors.

In addition to identifying vulnerabilities, penetration testing can also help organizations evaluate the effectiveness of their security controls and policies, and identify areas where additional security measures may be needed. This can help organizations stay ahead of the constantly evolving threat landscape and ensure that they are doing everything they can to protect their data and maintain the trust of their customers.

Boss Insights is penetration tested and certified.

What Is SSL 256-bit Encryption?

SSL 256-bit encryption is a technology that helps keep your online data safe and secure. It's a type of encryption that uses a 256-bit key to scramble your data and make it unreadable to anyone who doesn't have the key to unscramble it. Think of it like a secret code that only you and the website you're interacting with can understand. When you enter your personal information or log in to a website with SSL 256-bit encryption, your data is scrambled into a complex code that's nearly impossible for anyone else to decipher.

SSL 256-bit encryption is important for privacy and security because it helps protect your data from cyber attacks, hackers, and other online threats. Without encryption, your data is vulnerable to interception and theft by cybercriminals who can use it for identity theft, fraud, and other malicious activities. By using SSL 256-bit encryption, websites can ensure that your personal information stays private and secure, giving you peace of mind when sharing sensitive information over the internet.

Boss Insights uses SSL 256-bit encryption for transmitting data and 256-bit server-side encryption for data at rest on our systems.