With BombBomb's Outlook add-in, Outlook users can record and send video emails from within their Outlook email server.
At BombBomb, we care about your privacy and your personal data. We strive to maintain a high standard of security to protect it. Here's all you need to know about BombBomb's Outlook add-in data security and privacy.
Compatibility: This add-in is compatible with Outlook 365 Web, Windows 10 Desktop Outlook 365, and Mac Desktop Outlook 365.
Data privacy: BombBomb's add-in works on your current email inbox without SMTP server access. No visibility into your email body or contents are collected. The BombBomb add-in only has the ability within your email to embed the following:
- A tag pointing to your video
- A tracking URL on any links in the email to track clicks, if you have email tracking enabled
- Thumbnail URL
BombBomb’s Outlook add-in collects the following data points for the purposes of delivering emails and tracking the results of your sends:
Recipient data: (The tracking feature must be turned on for these recipient data points to be collected.)
- Recipient email address
- Recipient name
- Recipient interactions with the video email (i.e. opens, clicks, plays)
- Subject line of the email being sent
Data security and integrity: Communication protocols are encrypted using TLS 1.2 over public networks. Data at rest is encrypted using a minimum of AES 256. A Bastion Host also governs all access to customer Production data.
Continuous monitoring: Monitoring, alerting, and centralized log and event management
- On-call security team monitors all web application activity through a SIEM
- 24/7 application performance monitoring
- Monthly pen-testing performed by IT staff
- Routine 3rd party security reviews and pen tests
- Log aggregation and retention for compliance
Private subnet: All endpoints sit behind a subnet to protect against attack
- MFA required for access to Production data
- VPN IP restrictions are enforced to allow access to authorized team members only
Authentication: SSO and OAUTH2 integration
Authorization: Role- and permission-based access to prevent unauthorized access
- AWS IAM role
- Custom ACLs
AWS Security: Application is hosted within AWS and uses a multi-tenant architecture
Change management: The entire build and deployment ecosystem is governed by a gating process that is enforced, including:
- Peer code review for secure coding practices
- QA testing and automated testing for application functionality