Security, privacy and compliance

Trust is a core value at Crossbeam.

Crossbeam’s commitment

Data privacy and security are embedded in every part of our business. Our Security Portal outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.

You can also access more comprehensive security and compliance details in the Security section of our documentation or contact security@crossbeam.com with specific questions or requests.

SOC 2 Type II

Our SOC 2 Type II report is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.

This practice ensures that Crossbeam maintains a robust set of security controls, policies, and practices that are validated by regular external audits against AICPA’s SOC for Service Organizations Trust Services Criteria.

GDPR and CCPA

The European Union’s General Data Protection Regulation (GDPR) creates a standard framework to which all compliant businesses must adhere, creating clarity and transparency for customers. Similarly, the California Consumer Privacy Act (CCPA) is a California state statute intended to enhance privacy rights and consumer protection for residents of California.

To ensure compliance with both GDPR and CCPA for our customers, Crossbeam offers a comprehensive Data Processing Addendum (DPA). This DPA enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. It also sets forth our standards regarding the handling of Personal Information governed by CCPA.

ISO 27001 and ISO 27701

Crossbeam was audited and granted the ISO standards by the globally accredited certification body, A-LIGN.
A-LIGN independently audited Crossbeam’s company policies, procedures, and systems across five categories known as “Trust Services Criteria” — Security, Availability, Processing Integrity, Confidentiality, and Privacy — to be eligible for these accreditations. The ISO 27001 certification evaluates how well Crossbeam protects and processes data in the cloud while the ISO 27701 certification evaluates how the company handles personal data.

Data Transfers and Privacy Dispute Resolution

For clients transferring data out of the EU or EEA into Crossbeam, our DPA includes the European Commission’s standard contractual clauses (SCCs). The SCCs offer sufficient safeguards on data protection for the data to be transferred internationally.

Additionally, Crossbeam remains certified under the EU-US Privacy Shield Framework. More information on Privacy Shield is available here. U.S. businesses participating in the Privacy Shield Frameworks must provide an independent dispute resolution service to EU or Swiss individuals whose personal data they transfer to the United States. Crossbeam participates in the BBB EU Privacy Shield program, operated by the Council of Better Business Bureaus, for independent dispute resolution.

Penetration Test Report available

An external security firm conducts quarterly penetration tests of Crossbeam’s systems. These tests include automated scans and manual testing by security experts seeking to uncover vulnerabilities. Copies of our most recent penetration tests are made available to Crossbeam customers upon request, subject to the appropriate non-disclosure agreements. For more information, read our usage standards.

Security Overview

To learn more about our security program at Crossbeam, please reference our Security Status Page.
