Data security, integrity, and compliance
Quickbase’s best-in-class security standards give you confidence that your data is secure and meets all industry and internal compliance regulations. Quickbase simplifies the data governance process, improving data integrity while helping IT proactively manage risk. The Quickbase platform includes important security and governance features to ensure that the data within the Quickbase platform is reliable, safe and secure.
For detailed information on Quickbase’s security posture, and information how to access our SOC 2 information, please visit our Quickbase Security page.
Data segregation
The Quickbase multi-tenant platform segregates customer data, giving individual customer control of logical access to their data via authentication and authorization at the Realm, Account and Application layers. Realms, otherwise thought of as a sub-domain, hold customer Accounts. Within accounts are Quickbase Applications which are built and managed by the customer. Customers manage access and permissions at the Realm, Account and App layers via the Quickbase platform.
Data retention
Quickbase removes customer data from the Quickbase platform after service termination. Data will be held in Quickbase backup systems for 6 months until it is fully purged. Quickbase sends authorized customer contacts a Certificate of Data Destruction, certifying your app data is completely purged from all Quickbase systems.
Encryption
Data on the Quickbase platform is encrypted in motion and at rest. In motion, communications sent over non-trusted internet networks are encrypted up to 256 bit (SHA2) TLS certificate, TLS 1.2 and 1.3. At rest, app data and file attachments are encrypted at the application layer use an AES 256 bit encryption key.
For more advanced compliance needs, Quickbase gives customers the option of obtaining a realm-specific key for an additional layer of data security. In addition to having a unique encryption key, customers who subscribe to this feature can rotate realm-specific encryption keys on their own schedule. Additionally we offer integration with AWS KMS.
Logging and auditing
Operational logs from servers, devices and services are secured in a 3rd-party log management platform which performs log analysis, alerting and reporting as well as investigation capabilities for Quickbase operations, engineering and security teams. These are retained for 3 months.
Quickbase additionally provides Audit Logs as an additional feature for customers to track their realm user activity, data and schema changes to applications to ensure security standards and compliance policies are upheld. Choose to store audit logs for 6 months up to 7 years.
Pen tests
Following best-in-class security management standards, Quickbase consults with a third-party security firm to conduct a comprehensive security penetration test on an annual basis. The pen test report is available for customers or prospects under an NDA.
Vulnerability scans
Quickbase employs a variety of tools and processes including static code analysis and dynamic web application scans designed to detect security vulnerabilities. Customers may run a security scan against the Quickbase platform under specific conditions.
Data centers
The Quickbase platform is hosted at Flexential Tier 4 data centers located in Las Vegas, NV and Denver, CO. Additionally Quickbase utilizes Amazon AWS for ancillary services such as WebHooks and Quickbase Sync and Google Cloud for Quickbase Pipelines.
Reliability and uptime
Quickbase has unparalleled uptime and reliability, with an average uptime of 99.9%. Quickbase makes uptime stats widely available through the service page. Customers are encouraged to monitor this page to see news of upcoming maintenance, or updates on occurrences on the platform.
Certifications and attestations
Quickbase conducts 3rd party audits to attest for the platform’s system and organizational controls and validate the organization’s commitment to delivering high quality, secure services to clients. To view a complete list of certifications & attestations please visit the Quickbase Security page.