Skip to main content

Data Security and Privacy

Backstory takes security and data privacy seriously. We are committed to protecting your data and maintaining confidentiality at all times. Our full Security and Privacy policies are available on our website. Below is a summary of our core practices.

Infrastructure Security

Backstory's production, staging, and development environments are hosted on AWS (Amazon Web Services), with a multi-zone architecture that ensures high availability and resilience. In the event of an outage at one hosting facility, activity data remains continuously available.

AWS data center protections include:

  • 24/7 physical security monitoring, including video surveillance and strict access controls

  • Certification to SOC 1, SOC 2, SOC 3, ISO 27001, and ISO 27018 standards, verified by independent third-party examinations

For more information, visit AWS Cloud Security.

Application and Network Security

Every major release undergoes rigorous QA and security testing before deployment. Additional protections include:

  • Web Application Firewall (WAF) — blocks attacks before they reach our servers

  • SSL encryption — all data transferred to and from our servers is encrypted in transit

  • Restricted database access — accessible only to authorized Backstory personnel required to build or maintain the product

  • Multi-factor authentication (MFA) — required to access Backstory servers

  • DDoS mitigation — services are in place to protect against denial-of-service attacks

Customer Protection

  • All Backstory employees undergo thorough background checks and vetting before joining the team.

  • The Operations and Security teams monitor the platform 24 hours a day, 365 days a year.

  • Customer data is stored in separate, isolated instances and is never shared with external parties.

Access to Your Instance

No one at Backstory can access your instance without your explicit approval. Access may be requested in order to reproduce and troubleshoot reported issues, test or change system configurations, or create reports and dashboards on your behalf.

When access is required, Backstory will request impersonation access, the ability to log in as a user in your organization to view data and configuration settings.

Impersonation Approval Process

  • All users with a Backstory Administrator account are approvers by default. You can designate specific approvers via the Impersonation Approvers menu.

  • All approvers receive an email notification when a request is submitted.

  • Each request includes a justification and the duration for which access is needed.

  • Access automatically expires at the end of the approved duration.

  • Revoke access at any time even after it has been approved.

Admin Access (Your Team)

Your internal administrators can also impersonate users to troubleshoot issues, view data and settings as users see them, and manage configurations across your organization.

Privacy

Backstory respects your personal privacy and is committed to transparency about how your activity data and personal information are used. We do not share your email address or the email addresses of your contacts with any external parties. For complete details, please visit our Privacy Policy.

Need Help?

Contact your Customer Success Manager or support@backstory.ai.

Related Articles
Backstory GDPR Compliance
GDPR Requests for Erasure
Deleting User Data
Comply with New Salesforce Policies for Connected App Access
Connect Claude to Backstory
Did this answer your question?