Skip to main content
Skip to main content
Skip to main content

Security

Your data, protected.

Boosta is built with security-first principles. Your sales intelligence and business data are encrypted, access-controlled, and hosted in Australia.

Data hosting and encryption

  • All data hosted in Australia (ap-southeast-2 region) on Neon managed PostgreSQL
  • Encryption at rest using AES-256
  • Encryption in transit using TLS 1.2+ for all connections
  • Database backups encrypted and retained with point-in-time recovery

Authentication

  • Passwords hashed with bcrypt (cost factor 12)
  • Secure session management with signed, HttpOnly cookies
  • Email verification required for all accounts
  • Session tokens rotated on privilege changes

Access control

  • Role-based access: Owner, Admin, and Member roles
  • API key scoping with per-key permissions
  • Team-level data isolation — users only see their own data
  • Admin actions are audited

Web crawling practices

  • Only publicly available business information is collected
  • robots.txt directives are respected
  • Crawl rate limits prevent excessive load on target sites
  • No personal data is scraped — only business-level information

AI data handling

  • LLM queries are stateless — no training on your data
  • Only the minimum context needed is sent to AI providers
  • AI providers (OpenAI) do not retain API inputs for training
  • All AI interactions are logged for auditability

Infrastructure

  • Kubernetes-orchestrated infrastructure with automated health checks
  • Isolated worker processes for background jobs
  • Continuous monitoring with Sentry error tracking
  • Automated deployments with rollback capability

Compliance

  • Compliant with Australian Privacy Principles (APPs)
  • Registered with the OAIC (Office of the Australian Information Commissioner)
  • Privacy policy and terms of service publicly available
  • Data processing aligned with the Privacy Act 1988

Data retention and deletion

  • You can delete your account and all associated data at any time
  • Business intelligence data is refreshed regularly to stay current
  • Inactive accounts are notified before any data cleanup
  • Data deletion requests are processed within 30 days

Security concern?

If you discover a security vulnerability or have concerns about data handling, please contact us immediately. We take all reports seriously and respond within 24 hours.

Report a security concern

Stop guessing. Start closing.

See your first AI-matched prospects in under 15 minutes. Free to start, no credit card required.

Get Started FreeSee Pricing