Platform Security

What is Bamboozle's commitment to my data?

We want to make the Internet a safer place for everyone to live, work, and prosper. We believe in holding ourselves accountable to maintaining the trust of our customers and only collecting the data necessary to serve our customers.

What data do you collect about me?

We collect self-reported data, which is data you voluntarily provide so we can provide our service. Self-reported data includes account data such as email address, provided name, and billing information. This also includes customer-provided user preferences and the information in support tickets.

We also receive data from third parties about you and collect data when you interact with our service. Depending on how you use our products and services, interaction data may include things like internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, clickstream data, landing page, and referring URL.

More information about data we collect can be found in our .

How does DO protect my payment card information?

If you use a credit or debit card as your payment method, we process your payments through a third party payment processor, which stores and maintains your complete payment information on our behalf. We do not store your complete payment card number ourselves.

How do you use the data you collect?

Different data has different uses. We believe our covers a lot of the details for specific data types but to summarize, we use the data we collect to provide you with the best experience possible. We use data to improve our product and market new products we think you will enjoy. We believe that all data use should provide you with value and we are committed everyday to balancing our data collection practices with your privacy in mind.

What access does Bamboozle have to the data I store?

Employees do not have access to the content of your Virtual or Dedicated Servers unless you give us permission for support, we are required to access them as part of an active abuse or fraud investigation or where access is necessary to comply with a valid legal process.

How can I show Bamboozle’s commitment to trust to my customers?

Please share the link to our Security Information with your customers. We are working on building out more assets in this space to actually prove our commitment to protecting your trust. We believe that being transparent about how we secure Bamboozle and your data is more valuable than third-party compliance certifications. However, we understand that at times auditors and third parties are interested in these certifications.

We have a dedicated Certifications Report page for these types of requests. If you have any specific questions that are not answered, please contact your account manager.

What specific privacy regulations does Bamboozle comply with?

How does Bamboozle help me secure my infrastructure network?

We love a free and open internet at Bamboozle, and we also accept that means the internet can be a bit of a mixed bag. Hanging a server onto the internet with a public-facing IP means within seconds, bots, brute-forcers, and stressors may happen.

We suggest these resources to help protect your server:

• Add SSH keys when you create new Virtual Server or Dedicated Server or add SSH keys to existing VMs or Servers..

• Add a firewall

• Have multiple VMs that only need to talk to each other? Use our Virtual Private Networks.

How does Bamboozle share the responsibility of securing my data?

For our Infrastructure as a Service products, we secure the system and the network your service runs on, inclusive of the management control plane.

If you are someone who uses our PaaS products, we extend our responsibility for security of those platforms further up-stack. Secure configurations, access, and patching are all part of the as-a-Service model for these products.

We’ll regularly communicate with you on major security mitigations throughout our fleet, such as those for processor class vulnerabilities.

What is my responsibility when it comes to securing my infrastructure on Bamboozle?

The data you store is always yours to own and secure. We provide guidance and a handful of technologies on our platform for you to secure your instances. As we release new security functionality, we’ll update you in the Trust & Security section of our blog.

How does Bamboozle secure the management “backend” network and virtualization environment?

Tight role-based access, two-factor authentication, secure network zones and secrets management underpin our approach to securing our management layer. Vulnerability and patch management as well as security observability tools help us keep on top of the ever-shifting risk in our infrastructure. We’re also currently on the path toward a broader “zero-trust” model for access to resources within our environment.

Will Bamboozle take down my infrastructure without warning?

Although there are many reasons that we may need to alter or disable portions of our infrastructure, such as to maintain the integrity of our systems in an emergency, we do not typically take down customers’ infrastructure without warning under normal circumstances. However, our customers are sometimes targeted by malicious actors in ways outside of our control. For all our well-intended customers and community members whose VMs or Servers might have been compromised and started doing illegal or harmful things on the internet, you may have your network interface shut down until you’re ready to recover and address the issue. In these cases, we’ll send you an email immediately upon shutting off the network interface and walk you through recovery. We always recommend employing best practices to secure your services, and more resources on this topic can be found in the Trust & Security section of our blog.

The dark side of the internet does exist, and there are those looking to harm others or defraud companies like us. It is a tricky balance to maintain and everyday we strive to keep the Internet a safer place for everyone.

How do I responsibly share a vulnerability?

We strive to create a safe, resilient environment where our customers and community can innovate with confidence. While we do a lot of things to make sure our environment is safe, we can make mistakes. When we do, we want you to let us know!

If you have discovered a vulnerability, please report it! We partner with HackerOne to run a public vulnerability disclosure program. We will not take legal action against nor ask law enforcement to investigate researchers who reach out and work with us in good faith, including:

• Sharing the full details of the issue with us

• Making a good faith effort to avoid violating our customers’ (or our) privacy, destroying data, and interrupting or degrading our services

How does Bamboozle secure the data centers?

Bamboozle is committed to working with third-party data center providers that maintain industry-leading access control, including video surveillance, security, access lists, and exit procedures. We regularly audit our data centers to meet our regulatory requirements and validate proper implementation of our security requirements.