Security, Privacy, and Compliance
Trust is a core value at Crossbeam.
Crossbeam’s Commitment
Data privacy and security is embedded in every part of our business. Our Security Portal outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.
You can also access more comprehensive security and compliance details in the Security section of our documentation or contact security@crossbeam.com with specific questions or requests.
SOC 2 Type II
Our SOC 2 Type II report is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
This practice ensures that Crossbeam maintains a robust set of security controls, policies, and practices that are validated by regular external audits by AICPA’s SOC for Service Organizations Trust Services Criteria.
GDPR and CCPA
The European Union’s General Data Protection Regulation (GDPR) creates a standard framework to which all compliant businesses must adhere, creating clarity and transparency for customers. Similarly, the California Consumer Privacy Act (CCPA) is a California state statute intended to enhance privacy rights and consumer protection for residents of California.
To ensure compliance with both GDPR and CCPA for our customers, Crossbeam offers a comprehensive Data Processing Addendum (DPA). This DPA enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. It also sets forth our standards regarding the handling Personal Information governed by CCPA.
View Crossbeam’s GDPR and CCPA Data Processing Addendum (DPA)
View Crossbeam’s Subprocessors list
ISO 27001 and ISO 27701
Crossbeam was audited and granted the ISO standards by the globally accredited certification body, A-LIGN. A-LIGN independently audited Crossbeam’s company policies, procedures, and systems across five categories known as “Trust Services Criteria”: Security, Availability, Processing Integrity, Confidentiality, and Privacy to be eligible for these accreditations. The ISO 27001 certification evaluates how well Crossbeam protects and processes data in the cloud while the ISO 27701 certification evaluates how the company handles personal data.
View the certificates here
Data Transfers and Privacy Dispute Resolution
For clients transferring data out of the EU or EEA into Crossbeam, our DPA includes the European Commission’s standard contractual clauses (SCCs). The SCCs offer sufficient safeguards on data protection for the data to be transferred internationally.
Additionally, Crossbeam remains certified under the EU-US Privacy Shield Framework. More information on Privacy Shield is available here. U.S. businesses participating in the Privacy Shield Frameworks must provide an independent dispute resolution service to EU or Swiss individuals whose personal data they transfer to the United States. Crossbeam participates in the BBB EU Privacy Shield program, operated by the Council of Better Business Bureaus, for independent dispute resolution.
BBB Dispute Resolution Process Information
Penetration Test Report Available
An external security firm conducts quarterly penetration tests of Crossbeam’s systems. These tests include automated scans and manual testing by security experts seeking to uncover vulnerabilities. Copies of our most recent penetration tests are made available to Crossbeam customers upon request, subject to the appropriate non-disclosure agreements. For more information, read our usage standards.
Security Resources
Crossbeam maintains several additional online resources related to our policies, terms, and practices.
Crossbeam Terms of Service
Crossbeam Privacy Policy
Security and Compliance FAQs
Security Portal
Turn your ecosystem into your #1 revenue source
Get started in under a minute. Instantly capture insights from your partners. Identify more opportunities. Did we mention it’s free?