Compliance

BambooSnow maintains compliance with major security and privacy frameworks to protect your data and meet regulatory requirements.

Certifications

SOC 2 Type II

BambooSnow is SOC 2 Type II certified, demonstrating our commitment to:

  • Security - Protecting against unauthorized access
  • Availability - Ensuring system reliability
  • Processing Integrity - Accurate and complete processing
  • Confidentiality - Protecting confidential information
  • Privacy - Handling personal information appropriately

Request our SOC 2 report: compliance@bamboosnow.com

ISO 27001

Our information security management system is certified to ISO 27001:2013 standards.

Privacy Regulations

GDPR Compliance

For users in the European Union:

Data Subject Rights

  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to data portability
  • Right to object
  • Right to restrict processing

Our Commitments

  • Data Processing Agreement available
  • EU data residency option
  • Privacy by design
  • 72-hour breach notification

CCPA Compliance

For California residents:

Your Rights

  • Right to know what data we collect
  • Right to delete your data
  • Right to opt-out of data sales
  • Right to non-discrimination

Our Commitments

  • We don't sell personal information
  • Clear privacy disclosures
  • Easy opt-out mechanisms

Other Privacy Laws

We also comply with:

  • LGPD (Brazil)
  • PIPEDA (Canada)
  • APPI (Japan)
  • Privacy Act (Australia)

Industry Standards

OWASP Top 10

Our development practices address the OWASP Top 10:

| Vulnerability | Mitigation |
|---------------|------------|
| Injection | Parameterized queries, input validation |
| Broken Authentication | OAuth 2.0, MFA support |
| Sensitive Data Exposure | Encryption, minimal data collection |
| XXE | Disabled external entities |
| Broken Access Control | RBAC, permission checks |
| Security Misconfig | Automated hardening |
| XSS | Content Security Policy, sanitization |
| Insecure Deserialization | Type checking, allowlisting |
| Known Vulnerabilities | Automated dependency scanning |
| Insufficient Logging | Comprehensive audit logs |

CIS Controls

We implement CIS Critical Security Controls:

  • Inventory and control of assets
  • Continuous vulnerability management
  • Controlled use of administrative privileges
  • Secure configuration for hardware and software
  • Maintenance, monitoring, and analysis of audit logs

Vendor Management

Subprocessors

We use trusted subprocessors:

| Vendor | Purpose | Location |
|--------|---------|----------|
| AWS | Infrastructure | US, EU |
| GitHub | Authentication | US |
| Stripe | Payments | US |
| Datadog | Monitoring | US |

Full subprocessor list: bamboosnow.com/subprocessors

Vendor Security

All vendors must:

  • Meet our security requirements
  • Sign data processing agreements
  • Undergo annual security review
  • Maintain relevant certifications

Compliance Documents

Available Documents

| Document | Description | Access |
|----------|-------------|--------|
| SOC 2 Report | Type II audit report | On request |
| DPA | Data Processing Agreement | Self-service |
| Security Whitepaper | Detailed security overview | Public |
| Penetration Test Summary | Annual pentest results | Enterprise |

Requesting Documents

  1. Log in to your account
  2. Go to Settings > Compliance
  3. Download available documents
  4. Request additional documents

Security Questionnaires

SIG/SIG Lite

We maintain completed SIG questionnaires:

  • SIG Core updated annually
  • SIG Lite available on request

Custom Questionnaires

For enterprise customers:

  • We complete security questionnaires
  • Typical turnaround: 5 business days
  • Contact sales@bamboosnow.com

Compliance Controls

For Your Compliance

BambooSnow helps you meet your own compliance requirements:

For SOC 2

  • Audit logs for access review
  • Change management tracking
  • Incident documentation

For HIPAA

  • BAA available for Enterprise
  • Access controls
  • Audit logging
  • Encryption

For PCI DSS

  • No cardholder data processed
  • Stripe handles payment data
  • Access segmentation

Reporting

Compliance Reports

Generate compliance reports:

  1. Go to Settings > Compliance
  2. Select report type
  3. Choose date range
  4. Download report

Available Reports

  • Access audit report
  • Agent activity report
  • Data access report
  • Security events report
  • User permission report

Contact

Compliance Team

  • Email: compliance@bamboosnow.com
  • Response time: 2 business days
  • DPA requests: Immediate

Security Team

  • Email: security@bamboosnow.com
  • Vulnerability reports: 24 hours
  • Security incidents: Immediate
BambooSnow - AI Agent Automation Platform