Skip to main content

Parabol Security FAQs

Is Parabol GDPR compliant?

Yes, Parabol is GDPR compliant.

We also adhere to the California Online Privacy Protection Act (CalOPPA) and the United States Federal Trade Commission’s fair information practice principles (FIPPs).

Also, Parabol’s cloud service provider, Google Cloud, is compliant with GDPR standards.

Where does Parabol store my data?

Retrospective data is stored in memory within the localStorage of the web browser while the Parabol application is in use by end users.

Data about the retrospective is also simultaneously stored in our database for future access.

If using the Parabol SaaS solution, the retrospective data is stored in rethinkDB and PostgreSQL at our cloud service providers data center, currently in Iowa,(USA) with Google Cloud.

Data related to the retrospective is also emailed to end users participating in retrospective meetings through meeting summaries.

What data does Parabol store?

User data: name, email, avatar photo, integrations

Meeting data: meeting type, history, comments, tasks, activity

Team data: membership, meetings, tasks, integrations

Much more information how how we handle data privacy can be found here: https://parabol.co/privacy

Where are Parabol’s severs located?

Our public servers are located inIowa,(USA) with the option for EU or client-side hosting

Does Parabol encrypt user data?

Yes, Parabol encrypts all user data. All data is encrypted while in use or in transit via transport layer security. Backups are also encrypted. We use SSL/TLS 256-bit Encryption with HSTP.

How are security requirements included in all stages of Parabol’s software development lifecycle?

The OWASP Top Ten is used to evaluate work at all stages of the software development lifecycle (“SDLC”) to incorporate security requirements: from ideation and prototyping, through design & design review, through architecture, implementation, code review, quality assurance, and customer success reports.

Work is tagged in our SDLC according to the level of risk associated with it, corresponding to levels defined in our Risk Management Framework. Particular levels require additional reviews (e.g. from a Senior Architect and/or our Security Officer), which often result in requirements changes from domain experts.

Does Parabol have a role responsible for Information Security?

Yes. The Security Officer role is responsible for information security at Parabol (security@parabol.co). The purpose of the role is to safeguard Parabol’s information and systems from security threats. The roles accountabilities include:

  • Recommending and updating a stage-appropriate security framework to the Product Manager
  • Reviewing and consulting on security policy changes, (e.g. firewall rule changs)
  • Orchestrating security audits with outside vendors
  • Completing prospective and current customer Risk Reviews
  • Responding to incoming security disclosures according to the Security Disclosure Policy
  • Capturing and detailing acceptance criteria for new security issues

Does Parabol have any security certifications such as SOC2 or ISO27001?

Not yet. SOC2 certification is on our security roadmap, but we are not actively pursuing it. However, our hosting provider, Google Cloud, is SOC-2 and ISO-27001 certified.

Further questions?

If you have any questions about Parabol’s security or something is missing, you may contact us here:

Parabol, Inc.
1111 6th Ave., Ste 550
PMB 73201
San Diego, CA 92101

Last updated: March 16th, 2023