Secure traffic
All application, database, webhook, and API traffic is encrypted in transit via TLS/HTTPS. AES-256 throughout.
Trust & Compliance
Security is one of our top priorities at Churn Buster.
Your customer data, the integrity of your billing, and the continuity of your service. Every layer of Churn Buster is designed around protecting them.
Our promise
Sensitive payment data never touches our servers.
Sensitive payment-method data is neither handled nor stored on Churn Buster servers. We work entirely with tokenized references from your payment processor — the raw card numbers stay where they belong, with PCI-certified processors like Stripe.
Security is directed and maintained by the Churn Buster Engineering leadership team, with annual third-party penetration testing and continuous internal review.
Six things we never compromise on.
These are the operating principles that govern how the product is built, deployed, and operated — every day, on every release.
Encrypted storage
Data stores are encrypted at the disk level. Sensitive fields (API keys, tokens) are encrypted further at-rest within the database.
Minimal data
Only mission-critical data is processed and stored. Everything is eradicated when service is cancelled, and PII is scrubbed from application logs by default.
Penetration testing
Annual security and penetration testing by an independent third-party firm. New vulnerabilities are addressed routinely as part of regular operations.
Employee access
Background checks, security training, and full-disk encryption on every employee device. VPNs, password managers, and 2FA wherever available.
Account access
Only authorized members of the Engineering and Success teams have access to your account data, behind two-factor authentication.
Tokenized references, never raw cards.
Payment processor account access
External keys are used to access payment processor data whenever possible. With Stripe, Churn Buster uses our own API key combined with your Account ID to interact with the Stripe API — this removes the need for Churn Buster to store your Stripe API key. For processors where this isn't possible, API keys and tokens are stored encrypted at-rest.
Churn Buster billing (PCI SAQ-A)
Churn Buster bills users using Stripe, a PCI Service Provider Level 1 certified payment processor — the most stringent certification level available. Stripe’s security information is available online. User card details are never transmitted through or stored on Churn Buster servers. We validate our PCI compliance annually by filing a SAQ-A questionnaire.
Capture card-update pages
Churn Buster hosts Capture pages that customers use to collect card details from their own end-customers. These pages are only available for users on payment processors (Stripe, Braintree, etc.) that use tokenized cards — preventing card data from ever transmitting through or being stored on Churn Buster servers.
Defense in depth, built into every release.
Two-factor authentication
2FA is available alongside password login via a time-based one-time-password algorithm (TOTP). We strongly encourage 2FA as an essential step toward securing data access.
API authentication
The Churn Buster REST API uses an Account ID and API Key for authentication. Credentials are passed in the auth header to authenticate the user account.
Email security
The Churn Buster service includes email notifications and digest reports. We have aggressive DMARC monitoring set up to prevent the possibility of phishing scams — you can see the TXT record on _dmarc.churnbuster.io.
Continuous delivery
All code changes are committed, tested, shipped, and iterated on in a rapid sequence. Pull-request review, continuous integration, and automated error tracking decrease the likelihood of a security issue and improve our response time to bugs and vulnerabilities.
Penetration testing
Churn Buster engages an independent third-party firm to conduct an annual penetration test. The firm is provided an isolated clone of app.churnbuster.io — no customer data is exposed during testing. Findings drive our remediation priorities, and a summary report is available to Enterprise customers on request.
Encrypted in transit, encrypted at rest.
Data encryption
Servers and databases are encrypted at the disk level. In the unlikely event of an intruder accessing a physical storage device, the data contained within would not be decryptable without the proper keys. Sensitive fields within the databases (API keys, OAuth tokens, etc.) are encrypted further at-rest. The latest SSL Labs report for Churn Buster is available online.
Data retention
Churn Buster retains event data for 90 days. Individual events and webhooks are removed after 90 days; aggregate data is removed whenever possible.
Data removal
All customer data stored on Churn Buster servers is eradicated upon termination of service, with account deletions queued behind a 24-hour waiting period to prevent accidental cancellation. Data can also be deleted upon request for specific customers.
PII scrubbing
By default Churn Buster stores limited customer data — email address, customer IDs, non-sensitive card data (last 4, brand), and any metadata supplied by the user. We recommend users avoid sending personally identifiable information beyond what's required.
How data moves through the system.
Data into the system
Customer data enters Churn Buster from your payment processor (Stripe, Braintree, etc.), is processed on Churn Buster servers, and stored in our database. All traffic is encrypted in transit via TLS, and data at rest is encrypted with AES-256. Application logs are scrubbed of PII by default. The latest SSL Labs report for Churn Buster is available online.
Data out of the system
Authorized users access data through the Churn Buster UI behind two-factor authentication. Data may also be transmitted to third-party integrations you authorize (analytics, support, email service providers). Each partner in our integration network is held to the same data-handling commitments described above.
Built on Heroku and AWS, operated by people who care.
Physical access control
Churn Buster is hosted on Heroku, on AWS infrastructure. AWS data centers feature a robust security model documented in detail by AWS and Heroku. Churn Buster employees do not have physical access to data centers, servers, network equipment, or storage.
Logical access control
Churn Buster is the assigned administrator of its infrastructure on Heroku. Only designated authorized operations team members have access to configure the infrastructure on an as-needed basis, behind two-factor authentication. Passwords and keys are stored in a secure, encrypted location.
High availability
Every part of the Churn Buster service uses properly-provisioned, redundant servers (multiple load balancers, web servers, replica databases). Servers are taken out of operation for maintenance without impacting availability.
Business continuity
Churn Buster keeps regular encrypted backups of data on Heroku. While never expected, in the case of production data loss (i.e., primary data stores lost), we will restore organizational data from these backups.
Disaster recovery
In the event of a region-wide outage, Churn Buster will bring up a duplicate environment in a different region. The Churn Buster engineering team documents and simulates extreme scenarios, practicing recovery workflows.
Operational practices behind the product.
Risk management
All code changes are reviewed via pull request before merging, with continuous integration verifying each change. SSH access to production is restricted to designated operations team members, behind two-factor authentication. Risk assessments are conducted on a regular cadence, including HIPAA-style triggers when material changes to the system or workforce occur.
Contingency planning
Churn Buster maintains continuity, disaster-recovery, and customer-communications sub-plans. These are exercised by the engineering team and reviewed annually.
Background checks
All Churn Buster employees pass background checks prior to start, including identity verification, global watchlist, national criminal, county criminal, and US sex offender registry checks.
Security training
Security training is required at onboarding, with additional developer training for engineering staff. Policies are reviewed annually and updated as the product and threat landscape evolve.
Attestations and certifications.
Email support@churnbuster.io to obtain a copy of any of these reports.
PCI SAQ-A
Self-Assessment Questionnaire A, filed annually. Covers our use of Stripe as a Level 1 certified processor.
CAIQ
Consensus Assessment Initiative Questionnaire from the Cloud Security Alliance — available on request.
VSAQ
Vendor Security Assessment Questionnaire — the framework used by enterprise security teams to vet vendors.
Annual pen test
Independent third-party penetration test conducted yearly. A summary of findings is available to Enterprise customers on request.
Email support@churnbuster.io to request copies of any of the above.
GDPR and CCPA, on the record.
GDPR
To ensure that personal data sent to Churn Buster is afforded the protections required by the GDPR, we offer a Data Processing Addendum that incorporates the Standard Contractual Clauses. Email support@churnbuster.io to receive a DocuSign copy of our DPA.
CCPA
Our DPA also provides assurances that: (1) Churn Buster acts solely as a service provider on a customer's behalf; (2) we do not retain, use or disclose personal data for any purpose other than those described in the DPA; (3) we do not "sell" Personal Data within the meaning of the CCPA.
Found something? We want to hear from you.
-
Email support+security@churnbuster.io with a proof of concept.
-
Each disclosure is verified before we take action — we take all reports seriously.
-
Our PGP key for sensitive disclosures is published on public keyservers.