Malcom Gladwell, Arianna Huffington to headline VOICES Virtual. Register for Free

intro-250423

Our best-in-class infrastructure protects customer data throughout its entire lifecycle in the platform. A powerful suite of customizable settings and tools also afford our customers the autonomy to further define their own security and privacy parameters.

We strongly believe that security shouldn’t be a second thought. With Staffbase’s enterprise-ready support, all of our customers can fully depend on a safe and reliable platform suited to their needs and concerns.

As of March 2023

A group of different security certificates

Staffbase Certifications

All Staffbase certifications and compliance documents are available at Staffbase Trust Center.

Visit our Trust Center
businesses-en250414

Over 2000 businesses and over one million of their employees around the globe rely on the Staffbase platform and products every day to securely communicate within their company. Our customers have a wide variety of security and privacy needs, with many coming from the most highly regulated and security-sensitive industries in the world. With this in mind, security is of utmost importance to our platform and vision.

At Staffbase, our strong foundation of product features and provider processes ensures industry-leading protection across the board.

Infrastructure and Hosting

We understand that hosting locations are important for our customers and their compliance requirements. As a result, Staffbase customers can choose between EU hosting or US hosting for the services. More information on our providers can be found at our subprocessor page .

EU Hosting (Germany)

The EU Staffbase servers are hosted by Microsoft Azure (Employee App/Intranet and Staffbase Email) and Amazon Web Services (Email Classic) in Frankfurt, Germany. These facilities are compliant with ISO 27001 and SOC 2.

US Hosting

North American Staffbase servers are hosted by Microsoft Azure (Employee App/Intranet and Staffbase Email) and Amazon Web Services (Email Classic). These facilities are compliant with ISO 27001 and SOC 2. Hosting is at Azure’s secure facilities in Virginia, USA (Employee App/Intranet and Staffbase Email) and at AWS Oregon (Email Classic).

Australian Hosting

Australian Staffbase servers are hosted by Microsoft Azure (Employee App/Intranet and Staffbase Email). These facilities are located in Australia East (NSW) with redundancies in Australia South-East (VIC) and are compliant with ISO 27001 as well as SOC 2.

Responsible Disclosure

External hackers are also welcome to submit findings with CVSS ratings >= 9.0 through our public page here and automatically get invited to our private bug bounty program at hackerone.com.

privacy-and-data-250423

Privacy and Data Protection

With its roots in Germany and the EU, Staffbase has put privacy and data protection at the core of how we have developed our products, services, and our internal governance. Germany has some of the strictest data privacy laws in the world, and we bring our experience in Germany into the way we develop and build employee communications.

Data Processing Agreements (DPA) - GDPR

Staffbase offers GDPR-compliant data processing agreements (DPAs) for our customers. In addition, through the vendor review process mentioned above, Staffbase has in place relevant data processing agreements with any sub-processors of personal data.
Read more

EU General Data Protection Regulation (GDPR)

Staffbase complies with the requirements of the EU General Data Protection Regulation and provides a secure communication platform that protects employee and customer data equally. The privacy rights of our customers, and their employees, and the security of their personal data are our highest priorities.Therefore, under the guidance of our Legal & Compliance department, our Data Protection Officer (DPO), and our Security team, we have created a GDPR compliance program.
Read more

Health Insurance Portability and Accountability Act (HIPAA)

Staffbase supports its customers with data protection requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), where relevant. The HIPAA requirements for a business associate are met through Staffbase’s ISO 27001 certification. In addition, Staffbase has drafted a Business Associate Agreement (BAA) that is tailored to our services and meets the HIPAA requirements.
Read more

California Consumer Protection Act (CCPA)

Staffbase, as a ‘service provider’, complies with the CCPA rules. We support customers with their obligations under the CCPA and our Data Processing Agreement contains a specific section on Staffbase’s obligations towards customers under the CCPA.
Read more

Any further questions on Information Security at Staffbase?

Visit our Trust Center
Gartner Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.