Security

We care about security. If you have any questions, or encounter any issues, please contact us.

API Security

Authentication

  • All API requests require Bearer token authentication

  • Tokens are JWT-based

Data Transmission

  • All API endpoints require HTTPS/TLS 1.2+

  • No sensitive data should be transmitted in URL parameters
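
An added client-side example (not Hiboo's own code) of honouring the authentication and data-transmission rules above: the JWT travels only in the Authorization header, the connection refuses anything below TLS 1.2, and sensitive values are rejected before they reach the URL. The host name, the sample token, the function names and the SENSITIVE_KEYS list are assumptions made for illustration.

```python
import ssl
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: query keys treated as sensitive; extend for your own integration.
SENSITIVE_KEYS = {"token", "access_token", "api_key", "password", "secret", "authorization"}


def tls12_context():
    """Client TLS context: certificate verification on, nothing below TLS 1.2."""
    ctx = ssl.create_default_context()  # verifies the chain and the host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(url, token, params=None):
    """Build a GET request that carries the JWT in the Authorization header only."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("API calls must use https://")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the URL")
    query = parse_qsl(parts.query, keep_blank_values=True) + list((params or {}).items())
    for key, value in query:
        # URLs end up in proxy logs, browser history and Referer headers.
        if key.lower() in SENSITIVE_KEYS or (token and token in str(value)):
            raise ValueError(f"sensitive value in URL parameter {key!r}")
    full_url = parts._replace(query=urlencode(query)).geturl()
    return urllib.request.Request(full_url, headers={"Authorization": f"Bearer {token}"})


def send(request, timeout=10.0):
    """Send the request over the hardened TLS context and return the body."""
    with urllib.request.urlopen(request, timeout=timeout, context=tls12_context()) as resp:
        return resp.read()


# Constructed sample values: placeholder host and a dummy token, not real credentials.
SAMPLE_URL = "https://api.example.invalid/v1/items"
SAMPLE_TOKEN = "constructed.sample.jwt"
```
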

Rate Limiting

  • No strict rate limit is enforced, but we use a Web Application Firewall (WAF) to protect against DDoS attacks

Trust Center

Please have a look at our Trust Center

Product Security

Product security is of paramount importance at Hiboo. We use a software development lifecycle in line with general Agile principles. When security effort is applied throughout the Agile release cycle, security-oriented software defects can be discovered and addressed more rapidly than in development methodologies with longer release cycles. Software patches are released on an ongoing basis as part of our continuous integration and continuous deployment process.

Thanks to our continuous integration, we are able to respond rapidly to both functional and security issues. Change management policies and procedures determine when and how changes occur. We are able to achieve extremely short mean time to resolution for security vulnerabilities and functional issues.

Physical Security

Cloud

Our infrastructure is hosted in Cloud Service Provider (CSP) environments. Physical and environmental security controls, including buildings and the locks or keys used on doors, are managed by these CSPs.

"Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors." AWS Shared Responsibility Model

Our physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • PCI Level 1

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)

For more information, please check AWS Security Policy

IoT, Hardware and Network

Security and IoT are compatible and they are our priority. We work with hand-picked partners to provide telematics devices when equipment is not natively connected.

Some of our partners work with the Sigfox network. Thanks to Sigfox's dedication to security, our users benefit from data protection in motion via measures built into the protocol (authentication, integrity, encryption, anti-replay, anti-jamming) and data protection at rest via cryptographic storage of data and credentials in devices, base stations, and the Sigfox Core Network.

For more information, please check Sigfox Security Policy.

Data Protection

Authentication and Access Management

All requests to the Hiboo Servers must be authenticated and data access is restricted.

We work in close relationship with manufacturers and data providers to ensure that security best practices are enforced and that our data exchanges are secured.

Protection of Customer Data

Data submitted to our service by authorized users is considered confidential. This data is protected in transit across public networks. Customer Data is not authorized to exit the Hiboo environment, except in limited circumstances such as in support of a customer request.

All data transmitted between Hiboo and Hiboo users is protected using Transport Layer Security (TLS) and HyperText Transfer Protocol Secure (HTTPS).

Customer Data currently resides in the European Union in France.

Hiboo monitors critical infrastructure for security related events by using both open source and commercial technologies.

Backup

Here is the policy regarding data encryption and backup for our provider Heroku:

All our production plans are encrypted at rest with AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume. You can find more detail about EBS encryption here. All backup files that are taken using Heroku PGBackups are stored in an encrypted S3 bucket.

Data, and any changes made to the database, are continuously and automatically backed up over the last 7 days, and a weekly backup is kept for a month.

Audit & Penetration testing

We aim for a yearly penetration testing audit by a third party. Our latest one was done in Jan 2025 by Bastion.tech. You can check the audit certification with the link below.

Our latest report is available on demand at [email protected]

Certification

We are ISO 27001 certified.

GDPR

You can find more information on our GDPR policy here: GDPR (RGPD)

OWASP Top 10

OWASP Top 10

People

We have dedicated processes and resources to efficiently manage onboarding and off-boarding of employees, including account configuration, access definition and control, and training on cybersecurity and best practices.

We also have an internal IT Charter including our policy on computer usage, mobile devices, password…

All our contracts contain legal clauses on privacy and security.

Report an issue

Disclosure

If you believe you’ve discovered a bug in Hiboo's security, please get in touch at [email protected] and we will get back to you within 24 hours, and usually earlier.
