We take your security seriously here at Biteable. Below are some commonly asked Security Questions and our answers to help you or your team get some more information around your usage of our platform:

Where are Biteable data stored, geographically and from an infrastructure standpoint?

  • Our databases are on Amazon Web Services in US-EAST-1 and are multi-availability zone but not multi-region.

Describe the services being provided, with particular focus on the type of data that will be accessed and handled PII (Personally Identifiable Information), business data).

  • Users provide their name and email address to register for Biteable. Users may upload images or video clips to use in their videos. These are all stored in AWS, which is secured by Amazon.

Are documented security policies at Biteable issued, updated, and acknowledged by all employees?

  • Policies are issued and acknowledged by all employees upon hire. Policy updates are shared when they are changed. Acknowledgment is captured annually for all existing employees.

What are Biteable's employee security awareness, training, and certification process like?

  • Policies are issued and acknowledged by all employees upon hire. Policy updates are shared when they are changed. Acknowledgment is captured annually for all existing employees.

What is Biteable's Privacy Policy and how do you monitor for compliance?

  • Our privacy policy is available here: https://biteable.com/privacy-policy/. Biteable retains privacy counsel for maintaining and updating internal and external policies and procedures in compliance with all relevant laws and rules. Staff is informed of all relevant updates.

What is Biteable's personal device security policy and how it is enforced?

  • Biteable laptops and machines are provided to employees and used for all company-related development work. Personal devices are not used for development.

Do Biteable's systems require locking of devices after a period of inactivity, failed login attempts, etc.?

  • Yes.

Does Biteable expire user sessions after a period of inactivity?

  • Yes.

Does Biteable operate wireless networks that allow access to the production network?

  • No.

What method is used for securing wireless communications?

  • Employees are all remote. The Security Policy requires that all employees use networks that use WPA2/WPA3 passwords when connecting wirelessly.

Does Biteable use Google Cloud, Amazon Web Services, or a similar outsourced data center?

What are the physical security controls implemented by Biteable to protect unauthorized access to systems and data?

  • Biteable has no physical locations and thus utilizes AWS controls.

Does Biteable have documented vulnerability management processes and procedures?

  • Yes.

Within Biteable, is there a formal process to add, delete or modify user accounts and access levels?

  • Yes. We perform a quarterly review of access levels for user accounts in all key systems.

Does Biteable require 2FA / multi-factor authentication to access the production network (local or remote)?

  • Yes.

If you or your security team needs more information about working with Biteable, please feel free to contact our Support Team with your questions.

Did this answer your question?