With BombBomb's Chrome Extension, you can record and send videos right from your chrome browser.
At BombBomb, we care about your privacy and your personal data. We strive to maintain a high standard of security to protect it. Here's all you need to know about BombBomb's Outlook add-in data security and privacy.
Compatibility: Works directly inside existing Google Chrome browsers
- Available for download from the Chrome web store
- Approved for use by Google's Security Review
Data privacy: BombBomb's Chrome Extension collects two types of datapoints with your use of the extension for the purpose of delivering our service to customers:
Recipient Data: (The Chrome Extension's tracking feature must be turned on for these recipient datapoints to be collected by our app.)
- Recipient email
- Recipient name
- Recipient interactions with video email (opens, clicks, plays)
- Video email i.d.
- Subject line of email being sent
- Url landing page of the video email
- BombBomb account I.D.
- Name of sender
- Email address of sender
Data security and integrity: Communication protocols are encrypted using TLS 1.2 over public networks. Data at rest is encrypted using a minimum of AES 256. A Bastion Host also governs all access to customer Production data.
Continuous monitoring: Monitoring, alerting and centralized log and event management
- On-call security team monitors all web application activity through a SIEM
- 24/7 application performance monitoring
- Monthly pentesting performed by IT staff
- Routine 3rd party security reviews and pen tests
- Log aggregation and retention for compliance
Private subnet: All endpoints sit behind a subnet to protect against attack
- MFA required for access to customer production data
- VPN IP restrictions are enforced to allow access to authorized team members only
Authentication: SSO and OAUTH 2.0 integration with Gmail
Authorization: Role- and permission-based access to prevent unauthorized access to your data
- AWS IAM roles
- Custom ACLs
Change management: The entire build and deployment ecosystem is governed by a gating process that is enforced, including:
- Peer code review for secure coding practices
- QA testing and automated testing for application functionality