Security at OpenBoxes Lift

Enterprise-grade security to protect your business data

Compliance & Certifications

We maintain rigorous security standards and certifications

SOC 2

SOC 2 Type II

Independently audited security controls

HIPAA

HIPAA Ready

Data protection compliant for regulated industries

GDPR

GDPR Compliant

EU data protection regulation

ISO

ISO 27001

Information security management

Security Features

Comprehensive security measures at every layer

Authentication

  • Multi-factor authentication (MFA)
  • Single Sign-On (SSO) with SAML/OIDC
  • Password policies and complexity
  • Session management and timeouts

Access Control

  • Role-based access control (RBAC)
  • IP allowlisting (Enterprise tier)
  • API key scopes and permissions
  • Audit logging of all actions

Data Protection

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest (AES-256)
  • Secure key management
  • Data isolation between tenants

Infrastructure Security

Built on Google Cloud Platform with defense in depth

Edge Protection
Cloud Armor WAF, DDoS Protection
Load Balancing
Global Load Balancer, TLS Termination
Application
Kubernetes (GKE), Container Isolation
Data
Encrypted Storage, Private Network

Key Infrastructure Controls

  • Network Isolation: VPC with private subnets, no public IPs on workloads
  • Encryption: TLS 1.2+ in transit, AES-256 at rest
  • Access Control: IAM with least privilege, Workload Identity
  • Monitoring: 24/7 security monitoring, automated threat detection
  • Backups: Automated daily backups, cross-region replication
  • Updates: Automatic security patches, managed Kubernetes

Security Practices

Our commitment to security goes beyond technology

Security Testing

We conduct regular penetration testing, vulnerability assessments, and code security reviews with third-party security firms.

Incident Response

We maintain a documented incident response plan and conduct regular tabletop exercises to ensure rapid response to security events.

Employee Security

All employees undergo background checks and security awareness training. Access follows the principle of least privilege.

Vendor Management

Third-party vendors are evaluated for security practices and required to sign data protection agreements.

Report a Vulnerability

We take security seriously and appreciate responsible disclosure. If you discover a security vulnerability, please report it to:

We aim to respond to all reports within 24 hours and will work with you to resolve the issue promptly.

Have security questions?

Our security team is here to help address any concerns about protecting your data.

Contact Security Team