Staffbase Security

The Secure Employee Communication Platform


Our best-in-class infrastructure protects customer data throughout its entire lifecycle in the platform. A powerful suite of customizable settings and tools also affords our customers the autonomy to further define their own security and privacy parameters.

We strongly believe that security shouldn’t be a second thought. With Staffbase’s enterprise-ready support, all of our customers can fully depend on a safe and reliable platform suited to their needs and concerns.

As of March 2023


Staffbase Certifications

All Staffbase certifications and compliance documents are available at the Staffbase Trust Center.

[Image: logos of Staffbase certifications and protections: AICPA SOC, TISAX, AWS Shield, GDPR, ISO 27001, and TX-RAMP Certified.]

Over 2000 businesses and over one million of their employees around the globe rely on the Staffbase platform and products every day to securely communicate within their company. Our customers have a wide variety of security and privacy needs, with many coming from the most highly regulated and security-sensitive industries in the world. With this in mind, security is of utmost importance to our platform and vision. At Staffbase, our strong foundation of product features and provider processes ensures industry-leading protection across the board.

[Image: logos of customers including Deutsche Telekom, Audi, Mercedes-Benz, Adidas, MAN, DB, Vodafone, DHL, Hilton, GE Healthcare, BayWa, and Heraeus.]

Infrastructure and Hosting

We understand that hosting locations are important for our customers and their compliance requirements. As a result, Staffbase customers can choose between EU hosting or US hosting for the services. More information on our providers can be found on our sub-processor page (Staffbase Sub-Processors).

EU Hosting (Germany)

The EU Staffbase servers are hosted by Microsoft Azure (Employee App/Intranet and Staffbase Email) and Amazon Web Services (Email Classic) in Frankfurt, Germany. These facilities are compliant with ISO 27001 and SOC 2.

US Hosting

North American Staffbase servers are hosted by Microsoft Azure (Employee App/Intranet and Staffbase Email) and Amazon Web Services (Email Classic). These facilities are compliant with ISO 27001 and SOC 2. Hosting is at Azure’s secure facilities in Virginia, USA (Employee App/Intranet and Staffbase Email) and at AWS Oregon (Email Classic).

Australian Hosting

Australian Staffbase servers are hosted by Microsoft Azure (Employee App/Intranet and Staffbase Email). These facilities are located in Australia East (NSW) with redundancies in Australia South-East (VIC) and are compliant with ISO 27001 as well as SOC 2.

Responsible Disclosure

External hackers are also welcome to submit findings with CVSS ratings >= 9.0 through our public page here, and are automatically invited to our private bug bounty program at hackerone.com.


Privacy and Data Protection

With its roots in Germany and the EU, Staffbase has put privacy and data protection at the core of how we have developed our products, services, and our internal governance. Germany has some of the strictest data privacy laws in the world, and we bring our experience in Germany into the way we develop and build employee communications.

Data Processing Agreements (DPA) - GDPR

Staffbase offers GDPR-compliant data processing agreements (DPAs) for our customers. In addition, through the vendor review process mentioned above, Staffbase has in place relevant data processing agreements with any sub-processors of personal data.


EU General Data Protection Regulation (GDPR)

Staffbase complies with the requirements of the EU General Data Protection Regulation and provides a secure communication platform that protects employee and customer data equally. The privacy rights of our customers and their employees, and the security of their personal data, are our highest priorities. Therefore, under the guidance of our Legal & Compliance department, our Data Protection Officer (DPO), and our Security team, we have created a GDPR compliance program.


Health Insurance Portability and Accountability Act (HIPAA)

Staffbase supports its customers with data protection requirements under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), where relevant. The HIPAA requirements for a business associate are met through Staffbase’s ISO 27001 certification. In addition, Staffbase has drafted a Business Associate Agreement (BAA) that is tailored to our services and meets the HIPAA requirements.


California Consumer Privacy Act (CCPA)

Staffbase, as a ‘service provider’, complies with the CCPA rules. We support customers with their obligations under the CCPA, and our Data Processing Agreement contains a specific section on Staffbase’s obligations towards customers under the CCPA.
