We know your metrics are extremely important to you and your business. Our team works continuously to ensure that all transactions, connections, and access are kept secure at all times.
Geckoboard uses Amazon Web Services (AWS) for our hosting. AWS is an industry leader and provides a highly scalable cloud computing platform with end-to-end security and privacy features built in.
Access to these data centers is strictly controlled and monitored using a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.
Password and credential storage
All passwords for Geckoboard accounts are filtered from our logs and are stored in the database as one-way hashes using the salted bcrypt hash function. Login information is always sent over HTTPS (see “Communication Security”).
Nobody on the Geckoboard team can view your account password. If you lose your password, you will need to go through our password reset procedure, which will email you a link to choose a new password.
Credit card security
Geckoboard is PCI DSS compliant. When you purchase a paid Geckoboard subscription, your credit card data is not transmitted through, nor stored on, our systems. All of Geckoboard’s credit card processing is handled securely by Recurly – a company dedicated to this task.
Communication security
All communication between your computer and Geckoboard is encrypted using HTTPS (128-bit TLS). This is the same level of encryption used by banks and financial institutions, and is designed to prevent third parties from seeing sensitive information you are sending to/receiving from Geckoboard.
We also use HTTPS when fetching your data from third party services.
Permissions and authentication for third party services
When you connect Geckoboard to a third-party service through one of our pre-built integrations, we store the credentials that allow us to fetch data from that service. We use these credentials to continuously update your visualizations with the latest information available. We always encrypt credentials for these services before storing them.
Role based access controls
We provide a role-based administration system for user accounts. There are 4 roles, each with different permissions: owners, admins, organization view-only users and dashboard view-only users.
Dashboard URL security
Dashboard URLs are generated using a cryptic hash, making access to even publicly shared dashboards virtually impossible without explicit access to the dashboard link.
Dashboards can be kept private and shared with only a specific set of people using the Share feature.
Access to dashboards can be restricted to specific networks and devices using the Allowed device IP addresses feature.
Using Geckoboard from behind firewalls
Geckoboard is a cloud-based SaaS service designed to work out of the box from behind firewalls and proxies. Therefore, your existing security is left altogether intact.
If you're using integrations or polling widgets that require access to protected resources within your network, you can allow Geckoboard's outbound IP addresses through your firewall.
Employee access and security
Geckoboard employees do not have physical access to our servers in AWS. Geckoboard employees are only granted access to systems and data based on their role in the company or on an as-needed basis.
No customer data is stored on employee laptops, and we enforce full-disk encryption and automatic log out after a fixed period of inactivity.
Our QA approach
We adhere to industry best practices when developing applications for Geckoboard. All changes made to our applications and infrastructure are peer reviewed by a separate member of staff, and the changes are recorded in an audit log.
We have a designated team that keeps our software and its dependencies up to date, eliminating any potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.
Report a security vulnerability
We welcome reports from security researchers and experts about possible security vulnerabilities with our service.
Third party pentests
Each year Geckoboard employs third-party security experts to perform detailed penetration tests on the Geckoboard application.
Business continuity program
Geckoboard has developed and maintains a process for business continuity throughout the organization. Our Business Continuity Plan addresses the information security requirements needed for the organization's business continuity.
AWS's business continuity management plan ensures resiliency, recoverability and contingency from significant business disruption, such as local or regional events like a natural disaster, fire, power outage, acts of malice, and technical or infrastructure disruption.
Data redundancy and backups
We ensure that all customer account and dashboard data is regularly backed up. Access to these backups is tightly controlled and audited.
Personal data and information
Your personal data and information are completely private and secure on Geckoboard.
We have tight security policies and controls when it comes to accessing customers' data. On top of this, everyone in the company is aware of their responsibilities with personal data in the context of GDPR.
Geckoboard and GDPR
At Geckoboard we prepared for the EU General Data Protection Regulation (GDPR) to ensure that we fulfil its obligations and maintain transparency about customer messaging and how we use data.