Support Badger

Security

How Support Badger keeps your data safe

Security is fundamental to Support Badger. We implement industry-standard practices to protect your data and your customers' information.

Data Protection

Encryption

  • In Transit - All connections use TLS 1.3
  • At Rest - AES-256 encryption for stored data
  • Backups - Encrypted backups with separate keys

Data Centers

  • Hosted on AWS (EU and US regions)
  • SOC 2 Type II certified facilities
  • Geographic redundancy
  • 99.9% uptime SLA

Access Control

Authentication

  • Email + password authentication
  • Two-factor authentication (2FA) available
  • SSO via SAML 2.0 (Enterprise)
  • OAuth 2.0 social login

Two-Factor Authentication

  1. Go to Profile → Security
  2. Click Enable 2FA
  3. Scan QR code with authenticator app
  4. Enter verification code
  5. Save backup codes securely

Session Management

  • Automatic session timeout (configurable)
  • View active sessions in Profile
  • Remote logout capability

SSO / SAML

Enterprise plans include Single Sign-On:

  1. Go to Settings → Security → SSO
  2. Enter your Identity Provider details:
    • Entity ID
    • SSO URL
    • Certificate
  3. Download Support Badger's metadata
  4. Configure in your IdP (Okta, Azure AD, etc.)
  5. Test and enable

Supported Providers

  • Okta
  • Azure Active Directory
  • Google Workspace
  • OneLogin
  • Any SAML 2.0 provider

Audit Logs

Enterprise plans include comprehensive audit logging:

Logged Events

  • User login/logout
  • Permission changes
  • Settings modifications
  • Data exports
  • Integration connections
  • API key usage

Accessing Logs

  1. Go to Settings → Security → Audit Logs
  2. Filter by user, action, or date range
  3. Export to CSV for compliance

API Security

  • API keys with granular permissions
  • Rate limiting to prevent abuse
  • IP allowlisting available
  • Webhook signatures for verification

API Key Management

  1. Go to Settings → API
  2. Create keys with specific scopes
  3. Set expiration dates
  4. Revoke keys instantly when needed

Data Retention

  Data Type        Retention
  Conversations    Indefinite (or as configured)
  Audit Logs       2 years
  Deleted Data     30 days (recoverable)
  Backups          90 days

Custom Retention

Enterprise customers can configure custom retention policies.

GDPR Compliance

  • Data Processing Agreement (DPA) available
  • Right to erasure (data deletion)
  • Data portability (export)
  • EU data residency option

Data Export

  1. Go to Settings → Data
  2. Click Export All Data
  3. Select format (JSON or CSV)
  4. Download when ready

Data Deletion

  1. Go to Settings → Data
  2. Click Delete Account
  3. Confirm deletion request
  4. Data removed within 30 days

Vulnerability Disclosure

Found a security issue? Report it responsibly:

  • Email: security@supportbadger.com
  • PGP key available on request
  • We acknowledge reports within 24 hours