Security at Probo

Last updated: 7/18/2025

Our Security Commitment

At Probo, security isn't just a feature; it's fundamental to everything we do. As a compliance platform, we understand the critical nature of the data you entrust to us and take our responsibility to protect it seriously.

Infrastructure Security

  • Cloud Infrastructure: We host our services on AWS, leveraging their world-class security infrastructure and compliance certifications
  • Network Security: All data in transit is encrypted using TLS 1.3, and we employ strict firewall rules and network segregation with VPN access
  • Data Encryption: All data at rest is encrypted using AES-256 encryption
  • Database Security: Databases are encrypted, regularly backed up, and equipped with Point-in-Time Recovery (PITR) capabilities
  • Infrastructure as Code: All infrastructure is managed through code, ensuring consistency and security
  • Container & VM Security: We only build from trusted Docker images and rebuild them regularly to incorporate the latest security fixes. The same approach is applied to VM images

Application Security

  • Authentication: We enforce Single Sign-On (SSO) when possible and require at least two-factor authentication (2FA) everywhere else
  • Session Management: Secure session handling with automatic timeouts and invalidation
  • Access Control: Role-based access control (RBAC) following the principle of least privilege
  • Code Security: All commits are digitally signed for authenticity and integrity

Security Practices

  • Security Testing: Annual penetration testing and vulnerability assessments
  • Monitoring & Alerting: 24/7 security monitoring with comprehensive logging and alerting systems
  • Access Logging: Comprehensive employee access logging with behavioral analysis and automated alerting for unusual access patterns
  • Updates: Regular security patches and updates to all systems and dependencies
  • Dependency Management: We leverage Software Bill of Materials (SBOM) for comprehensive dependency management and security
  • Incident Response: Documented incident response procedures with regular team training
  • Password Management: Enterprise password manager enforced across all team members

Vulnerability Disclosure

We appreciate the work of security researchers and welcome responsible disclosure of security vulnerabilities. Please report any security issues to security@getprobo.com

Contact

For security-related inquiries, please contact our security team at security@getprobo.com