The purpose of this document is to help our customers evaluate the security, risk, and compliance of Switchboard. If you have any questions beyond what is covered here, please email us at support@goswitchboard.com.

All traffic to and inside of Switchboard is secured and encrypted with SSL/TLS. We reserve the right to change the underlying infrastructure of Switchboard at any time.

Services Used and Data Stored in them

Amazon Web Services

We use the following Amazon Web Services running primarily out of Oregon, USA (us-west-2):

• S3 and CloudFront to serve the staging and production marketing websites.
• S3 and CloudFront to serve the staging and production React application frontend.
• Cognito User Pools and Federated Identities to handle user authentication and authorization.
• API Gateway and Lambda to serve and run the API backend. API-level authentication is managed by AWS Cognito.
• DynamoDB to store customer data. Access is fully authenticated and TLS-encrypted.
• CloudWatch to store logs on all components of Switchboard in order to investigate issues.
• Simple Email Service (SES) to send out account and application email notifications.
• Simple Notification Service (SNS) to handle internal coordination and push notifications.
• Mobile Analytics to track activity on the marketing website, API backend, and the React application frontend.
• CodeBuild to test, build, and deploy Switchboard to our staging & production environments.

You can find the AWS security policy at https://aws.amazon.com/security.

Google

We also use the following Google services

• OpenID Connect to handle user authentication for people who choose to log in to Switchboard using their Google account.
• Firebase Cloud Messaging (FCM) to send out push notifications for users who opt in to that feature.

Google’s privacy & security policy is available at https://www.google.com/policies/privacy. At no point does Switchboard ever have access to your Google password.

Facebook

We utilize Facebook Login to handle user authentication for people who choose to log in to Switchboard using their Facebook account. Their data and privacy policy is available at https://www.facebook.com/privacy/explanation. At no point does Switchboard ever have access to your Facebook password.

Sentry Error Reporting

We use Sentry for error reporting to proactively diagnose and fix issues as they come up. Their security policy is available at https://sentry.io/security.

Fastmail

Incoming emails on the goswitchboard.com domain are handled & processed through Fastmail. Their privacy/security policy is available at https://www.fastmail.com/about/privacy.html.

Freshdesk Customer Support

Switchboard handles all its inbound & outbound email support requests through Freshdesk. Their security policy is available at https://www.freshworks.com/security.

Credit Card Data

Switchboard does not receive or store any kind of credit card data other than a reference token that allows us to create payments with our PCI Level 1 certified payments provider, Stripe. Please refer to their security policy for more details.

How does Switchboard access my Twilio account?

When you link your Twilio account to your Switchboard account using Twilio Connect, Switchboard obtains a unique account SID to refer to your connected sub-account (within your Twilio account). The combination of this SID and our private Auth Token is what Switchboard uses to access your (connected) sub-account.

At no point does Switchboard have access to your primary Twilio account or its login credentials.