Security & Compliance
Security is one of our top priorities at Churn Buster.
We're committed to securing your customer data, eliminating systems vulnerability, and ensuring continuity of access.
Note: adding Churn Buster to your financial stack creates no additional exposure with sensitive payment method data—this data is neither handled nor stored on Churn Buster servers.
Security is directed and maintained by the Churn Buster Engineering leadership team.
Our Core Commitments:
Below you will find a detailed overview of security controls at Churn Buster.
Payment Processor Account Access
External keys are used to access payment processor data whenever possible. In the case of Stripe, Churn Buster uses our own API key, combined with your Account ID, to interact with the Stripe API. This removes the need for Churn Buster to store your Stripe API key. For processors where this isn’t possible, API keys or tokens are stored and encrypted at-rest.
Churn Buster Users
Churn Buster bills users using Stripe, a PCI Service Provider Level 1 certified payment processor—the most stringent certification level available. Stripe’s security information is available online. User card details are never transmitted through or stored on Churn Buster servers. Churn Buster validates its PCI compliance annually by filing a SAQ-A questionnaire.
"Capture" Card Update Pages
Churn Buster hosts Capture pages which users can use to collect card details from their own customers. These pages are only available for users using a payment processor like Stripe or Braintree which makes use of tokenized cards, preventing card data from transmitting through or being stored on Churn Buster servers.
In addition to password login, two-factor authentication (2FA) provides an added layer of security to Churn Buster via a time-based one-time password algorithm (TOTP). We encourage 2FA as an important step towards securing data access from intruders.
REST API Authentication (API Key)
The Churn Buster REST API uses an Account ID and API Key for authentication. Credentials are passed using the auth header and are used to authenticate a user account with the API.
The Churn Buster service includes email notifications and digest reports. We have aggressive domain-based message authentication, reporting, and conformance (DMARC) set up for monitoring reports to prevent the possibility of phishing scams. You can see the TXT record on _dmarc.churnbuster.io.
Application Development Lifecycle
Churn Buster practices continuous delivery. This means all code changes are committed, tested, shipped, and iterated on in a rapid sequence. A continuous delivery methodology, complemented by pull request, continuous integration (CI), and automated error tracking, significantly decreases the likelihood of a security issue and improves the response time to and the effective eradication of bugs and vulnerabilities.
Data into System
Payment Processors, and users via the Churn Buster API, send events to the Churn Buster server, which processes and stores the events. Audit data of processing and storing is transmitted to our logging infrastructure through encrypted connections.
Sensitive data is automatically scrubbed from application logs.
Data is sent securely to Churn Buster via TLS to HTTPS endpoints. All data is AES-256bit encrypted in transit.
The latest SSL Labs Report for Churn Buster can be found here.
Data out of System
After events are processed, data can be accessed via the Churn Buster user interface. Churn Buster integrates with third-party tools so users can manage workflows efficiently, and be alerted of payment issues and campaign progress via notification and chat tools, email and SMS alerts, help desks, and custom integrations. High standards for security and compliance also extend to the Churn Buster partner network.
Data Security and Privacy
Churn Buster servers and databases are encrypted at the disk level. In the unlikely event of an intruder accessing a physical storage device, the Churn Buster data contained within would not be possible to decrypt without the proper keys, rendering the information a useless jumble of random characters.
Encryption at-rest also enables continuity measures like backup and infrastructure management without compromising data security and privacy.
Churn Buster exclusively sends data over HTTPS transport layer security (TLS) encrypted connections for additional security as data transits to and from the application.
Databases have full-disk encryption, and sensitive data within those databases (API Keys, etc) is encrypted further at-rest.
Churn Buster retains event data for 90 days. Individual events and webhooks are removed after 90 days, and aggregate data is removed whenever possible.
All customer data stored on Churn Buster servers is eradicated upon termination of service, with account deletions after a 24-hour waiting period to prevent accidental cancellation. Data can also be deleted upon request for specific customers.
We recommend that users do not send any personally identifiable information (PII) to Churn Buster. By default, Churn Buster stores limited customer data, including email address, customer IDs, non-sensitive card data, and any metadata supplied by the user.
Anyone can report a vulnerability or security concern with a Churn Buster product by contacting email@example.com and including a proof of concept. We take all disclosures seriously, and upon receipt of a disclosure each vulnerability is verified before taking necessary steps to address it.
To encrypt sensitive information that is sent to us, our PGP key can be found on keyservers.
Infrastructure and Network Security
Physical Access Control
Churn Buster employees do not have physical access to Heroku or AWS data centers, servers, network equipment, or storage.
Logical Access Control
Churn Buster is the assigned administrator of its infrastructure on Heroku, and only designated authorized Churn Buster operations team members have access to configure the infrastructure on an as-needed basis behind two-factor authentication. Passwords and keys are stored in a secure and encrypted location.
Churn Buster undergoes annual penetration testing conducted by an independent, third-party firm. For testing, Churn Buster provides the agency with an isolated clone of app.churnbuster.io and a high-level overview of application architecture. No customer data is exposed to the firm through penetration testing.
Information about any security vulnerabilities successfully exploited through penetration testing is used to set mitigation and remediation priorities. A summary of penetration test findings is available upon request to Enterprise clients.
Business Continuity and Disaster Recovery
Every part of the Churn Buster service uses properly-provisioned, redundant servers (e.g., multiple load balancers, web servers, replica databases) in the case of failure. As part of regular maintenance, servers are taken out of operation without impacting availability.
Churn Buster keeps regular encrypted backups of data on Heroku. While never expected, in the case of production data loss (i.e., primary data stores lost), we will restore organizational data from these backups.
In the event of a region-wide outage, Churn Buster will bring up a duplicate environment in a different region. The Churn Buster engineering team documents and simulates extreme scenarios, practicing recovery workflows.
All Churn Buster product changes must go through code review, CI, and build pipeline to reach production servers. Only designated employees on the Churn Buster engineering team have secure shell (SSH) access to production servers.
Testing and risk management is performed on all systems and applications on a regular, ongoing basis. New methods are developed, reviewed, and deployed to production via pull request and internal review.
Churn Buster performs risk assessments throughout the product lifecycle:
- Before the integration of new system technologies and before changes are made to Churn Buster physical safeguards
- While making changes to Churn Buster physical equipment and facilities that introduce new, untested configurations
- Periodically as part of technical and non-technical assessments of the security rule requirements as well as in response to environmental or operational changes affecting security
The Churn Buster operations team includes service continuity and threat remediation among its top priorities. We keep a contingency plan in case of unforeseen events, including risk management, disaster recovery, and customer communication sub-plans that are tested and updated on an ongoing basis and thoroughly reviewed for gaps and changes regularly.
Churn Buster conducts background checks for new employees, including verification on the following:
- Identity verification
- Global watchlist check
- National criminal records check
- County criminal records check
- (U.S. only) Sex offender registry check
New employees receive onboarding and systems training, including environment and permissions setup, formal software development training (if pertinent), and security policies review.
Engineers review security policies as part of employee onboarding. Any change to policy affecting the product is communicated to the entire engineering team. Major updates are communicated via email to all Churn Buster employees.
Churn Buster attests to its information & security compliance via the following:
- PCI SAQ-A
- Annual Penetration Test
Email firstname.lastname@example.org to obtain a copy of the report(s) you’re interested in.
To ensure that personal data you send Churn Buster is afforded the protections required by the GDPR, Churn Buster offers a Data Processing Addendum that incorporates the Standard Contractual Clauses.
Email email@example.com to receive a DocuSign copy of our DPA.
Churn Buster’s Data Processing Addendum provides assurances that: (1) Churn Buster acts solely as a service provider (as that term is defined under the CCPA) on a customer’s behalf, (2) Churn Buster does not retain, use or disclose personal data for any purpose other than the purposes described in the DPA, (3) and Churn Buster does not “sell” Personal Data (within the meaning under the CCPA).