Geckoboard security

Details of how we work to ensure that all transactions, connections, and access is kept secure at all times.

Updated over a week ago

We know your metrics are extremely important to you and your business. Our team works continuously to ensure that all transactions, connections, and access is kept secure at all times.

Data security

Physical security

Geckoboard uses Amazon Web Services (AWS) for our hosting. AWS is an industry leader and provides a highly scalable cloud computing platform with end-to-end security and privacy features built in.

Access to these data centers is strictly controlled and monitored using a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more

Password and credential storage

All passwords for Geckoboard accounts are filtered from our logs and are one-way encrypted in the database using the bcrypt (salted) hash function. Login information is always sent over HTTPS (see “Communication Security”).

Nobody on the Geckoboard team can view your account password. If you lose your password, you will need to go through our password reset procedure, which will email you a link to choose a new password.

Credit card security

Geckoboard is PCI DSS compliant. When you purchase a paid Geckoboard subscription, your credit card data is not transmitted through, nor stored on, our systems. All of Geckoboard’s credit card processing is handled securely by Recurly – a company dedicated to this task. Learn more

Communications security

All communication between your computer and Geckoboard is encrypted using HTTPS (128-bit TLS). This is the same level of encryption used by banks and financial institutions, and is designed to prevent third parties from seeing sensitive information you are sending to/receiving from Geckoboard.

We also use HTTPS when fetching your data from third party services. Learn more

Product security

Permissions and authentication for third party services

When you connect Geckoboard to a third-party service through one of our pre-built integrations, we store the credentials that allow us to fetch data from that service. We use these credentials to continuously update your visualizations with the latest information available. We always encrypt credentials for these services before storing them. Learn more

Role based access controls

We provide a role-based administration system for user accounts. There are 4 roles: owners, admins, organization view-only users and dashboard view-only users; each with different permissions. Learn more

Dashboard URL security

Dashboard URLs are generated using a cryptic hash, making access to even publicly shared dashboards virtually impossible without explicit access to the dashboard link.

Private dashboards

Dashboards can be kept private and shared with only a specific set of people using the Share feature.

IP restrictions

Access to dashboards can be restricted to specific networks and devices using the Allowed device IP addresses feature.

Using Geckoboard from behind firewalls

Geckoboard is a cloud-based SaaS service designed to work out of the box from behind firewalls and proxies. Therefore, your existing security is left altogether intact.

If you're using integrations, or polling widgets that require access to protected resources within your network, you can Geckoboard's outbound IP addresses to include.

Maintaining security

Employee access and security

Geckoboard employees do not have physical access to our servers in AWS. Geckoboard employees are only granted access to systems and data based on their role in the company or on an as-needed basis.

No customer data is stored on employee laptops, and we enforce full-disk encryption and automatic log out after a fixed period of inactivity.

Our QA approach

We adhere to industry best practices when developing applications for Geckoboard. All changes made to our applications and infrastructure are peer reviewed by a separate member of staff, and the changes are recorded in an audit log.

We have a designated team that keeps our software and its dependencies up to date, eliminating any potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site. Learn more

Report a security vulnerability

We welcome reports from security researchers and experts about possible security vulnerabilities with our service. Learn more

Third party pentests

Each year Geckoboard employs third-party security experts to perform detailed penetration tests on the Geckoboard application.

Business continuity

Business continuity program

Geckoboard has developed and maintains a process for business continuity throughout the organization. Our Business Continuity Plan addresses the information security requirements needed for the organization's business continuity.

Environmental disruptions

AWS's business continuity management plan ensures resiliency, recoverability and contingency from significant business disruption, such as local or regional events like a natural disaster, fire, power outage, acts of malice, and technical or infrastructure disruption.

Data redundancy and backups

We ensure that all customer account and dashboard data is regularly backed up. Access to these backups is tightly controlled, and audited.

Your privacy

Privacy policy

Your privacy is of paramount importance to us. Our Privacy Policy outlines specific details about how we safeguard information.

Personal data and information

Your personal data and information is completely private and secure on Geckoboard.

We have tight security policies and controls when it come to accessing customers' data. On top of this everyone in the company is aware of their responsibilities with personal data in the context of GDPR.

Geckoboard and GDPR

At Geckoboard we prepared for EU General Data Protection Regulation (GDPR) to ensure that we fulfil its obligations and maintain transparency about customer messaging and how we use data. Learn more

Did this answer your question?