Articles in this section

Outlook add-in data security and privacy

Avatar
Amber Van
  • Updated
Follow

 

With BombBomb's Outlook add-in, Outlook users can record and send video emails from within their Outlook email server. 

 

At BombBomb, we care about your privacy and your personal data. We strive to maintain a high standard of security to protect it. Here's all you need to know about BombBomb's Outlook add-in data security and privacy. 

 

Compatibility: This add-in is compatible with Outlook 365 Web, Windows 10 Desktop Outlook 365, and Mac Desktop Outlook 365.

Data privacy: BombBomb's add-in works on your current email inbox without SMTP server access. No visibility into your email body or contents are collected. The BombBomb add-in only has the ability within your email to embed the following: 

  • A tag pointing to your video
  • A tracking URL on any links in the email to track clicks, if you have email tracking enabled
  • Thumbnail URL

BombBomb’s Outlook add-in collects the following data points for the purposes of delivering emails and tracking the results of your sends:

Recipient data: (The tracking feature must be turned on for these recipient data points to be collected.) 

        • Recipient email address
        • Recipient name
        • Recipient interactions with the video email (i.e. opens, clicks, plays)
        • Subject line of the email being sent

Data security and integrity: Communication protocols are encrypted using TLS 1.2 over public networks. Data at rest is encrypted using a minimum of AES 256. A Bastion Host also governs all access to customer Production data. 

 

Continuous monitoring: Monitoring, alerting, and centralized log and event management

  • On-call security team monitors all web application activity through a SIEM
  • 24/7 application performance monitoring
  • Monthly pen-testing performed by IT staff
  • Routine 3rd party security reviews and pen tests
  • Log aggregation and retention for compliance

Private subnet: All endpoints sit behind a subnet to protect against attack

  • MFA required for access to Production data
  • VPN IP restrictions are enforced to allow access to authorized team members only

Authentication: SSO and OAUTH2 integration

Authorization: Role- and permission-based access to prevent unauthorized access

  • AWS IAM role
  • Custom ACLs

AWS Security: Application is hosted within AWS and uses a multi-tenant architecture

Change management: The entire build and deployment ecosystem is governed by a gating process that is enforced, including: 

  • Peer code review for secure coding practices
  • QA testing and automated testing for application functionality

Read our data security FAQs.  

Related articles

Comments

0 comments

Please sign in to leave a comment.