Security

At Kaboom, we implement enterprise-grade security controls across our infrastructure, operations,
and products to protect customer data and systems.

SOC-2 Compliance

Kaboom is compliant with AICPA SOC requirements.

Access & Data Security

We enforce unique system authentication and restricted database access, with AES-256 encryption protecting your data during storage and transmission. Our encryption key management follows strict business requirements to ensure maximum security.

Platform Security

Our systems undergo regular security patches and updates with continuous monitoring to protect against emerging vulnerabilities.

Data Independence

We maintain strict data isolation, ensuring customer data is never used for training or fine-tuning foundation models or shared with other customers.

Infrastructure Monitoring

Your data is protected by secure cloud infrastructure with private networks, regular backups, and continuous security monitoring.

Integration Security

Our integrations with Google, Microsoft, Zoom, and other platforms are officially verified and security-approved by each provider.

How do you keep our data secure?

Kaboom is SOC 2 Type 2 compliant, meaning we adhere to the highest industry standards for data security, availability, processing integrity, confidentiality, and privacy. Our security measures include:

1. Access Controls – Strict role-based access controls (RBAC) and least privilege access ensure only authorized personnel can access sensitive data.
2. Encryption – Data is encrypted both at rest (AES-256) and in transit (TLS 1.2+).
3. Audit Logging & Monitoring – We maintain comprehensive audit logs to track all system access and activities, with real-time monitoring for suspicious behavior.
4. Data Retention & Deletion Policies – We enforce a Zero-Day Retention (ZDR) policy whenever possible and ensure customer data is securely deleted when no longer needed.
5. Incident Response Plan – A structured incident response process is in place to detect, investigate, and mitigate security incidents swiftly.
6. Third-Party Risk Management – Vendors and partners undergo security assessments to ensure compliance with our security and privacy policies.
7. Regular Security Audits & Penetration Testing – We conduct independent SOC 2 audits and perform periodic penetration testing to identify and remediate vulnerabilities.
8. Physical & Infrastructure Security – Kaboom leverages secure, enterprise-grade cloud infrastructure with redundancy, disaster recovery, and physical security controls.
9. Privacy & Data Protection – We follow strict data privacy policies and do not use customer data to train third-party AI models.
10. Employee Security Training – All employees undergo regular security awareness training, including phishing prevention, data handling, and compliance protocols.

By implementing these SOC 2-aligned security practices, we ensure your data remains secure, private, and protected at all times.

What control do we have over our data?

You maintain full ownership and control of your data. You decide who has access to what information, and we provide tools to manage these permissions. If you choose to leave our platform, we'll ensure it's removed from our systems.

Where does Kaboom AI store our information?

We use enterprise-grade cloud infrastructure to store your data securely. For companies with specific data location requirements, we offer options to deploy within your preferred infrastructure as part of our enterprise plan.

How do you keep our data secure?

We use industry-leading security practices including data encryption, secure cloud infrastructure, and comprehensive backup systems. We secure all sensitive data through encryption at rest and in transit, with restricted encryption key access and regular security assessments following our data classification policies. Our security measures are continuously monitored and regularly tested to ensure your data remains protected.

How do you handle security incidents?

We follow documented incident response procedures with regular testing, maintaining comprehensive tracking and communication protocols for resolution and improvement.

Will our data be used by third parties to train their models?

Kaboom is designed to be agnostic to the underlying large language models (LLMs). We provide third-party LLM options that are not trained on customer Content Data. To ensure data security, we implement enterprise-grade security measures and, whenever feasible, enforce a Zero-Day Retention (ZDR) policy with our third-party providers. Under no circumstances is customer data used to train third-party LLMs.

Does Kaboom store every single record from integrations?

Kaboom only stores records that the user has explicitly specified based on account name and account-level data, email domains, or specific email addresses. Any data that falls outside of these predefined whitelisted rules and patterns is neither processed nor stored in Kaboom.

Will Kaboom index our data?

For indexing purposes, data added through integrations or uploads to Kaboom may be processed and stored in a vectorized format within our vector database. This format does not retain raw text and is not human-readable. Kaboom does not index customer data in plaintext, ensuring enhanced security and privacy.

Will employees at Kaboom be able to see our data? 

Kaboom employees do not have default access to your workspace. They can only access it if you explicitly grant them access by extending an invitation. Even when invited, Kaboom employees cannot view any files without specific permission based on the invited roles. 

Kaboom developers have access to underlying databases; however, access is strictly controlled through "least privilege" principles and monitored via audit trails to prevent unauthorized access to your data.
