Secure Screenshots
Security & Compliance
Trusting another company with your screenshots shouldn't be taken lightly.
At Urlbox, we're acutely aware of the risks of operating web browsers in production environments. Our customers trust us to enhance their security posture. We want you to confidently focus on your core business activities with peace of mind.
This document outlines our security measures, policies, and ongoing efforts to meet and exceed compliance standards.
Product Security
All the features you need to keep your screenshots, team members and customer data secure.
Encryption
We keep screenshots & metadata secure in transit and at rest. In transit, screenshots & metadata are only accessible via TLS/SSL 1.3 or higher and at rest, screenshots & metadata are encrypted with AES256.
Password Storage
All passwords are one-way encrypted when stored in the database, and the database itself encrypted at rest, to ensure the original password can never be compromised.
Data Access
Our people and systems can only access the data they need to do their job.
Staged Releases
We only release software after qualifying it in development and staging environments. All customers can chose between 'stable' and 'latest' releases on a project or request bases. A minimum of 14 days notice is given before a 'latest' release is promoted to 'stable'.
Development Practice
We peer review and test our code prior to release, including manual and automated checks for security issues.
Network Security
Behind the scenes, we work hard to ensure that each piece of our infrastructure is secure.
Encryption
We encrypt all traffic to and from Urlbox over HTTPS. Passwords are also encrypted when stored in the database. The database files themselves are encrypted at rest on the file-system, as are any backups.
Password Management
Internally we use password managers like 1Password and LastPass to ensure that all passwords used by the team are complex and unique.
Vulnerability & Pen Testing
We run regular automated scans of our product using AppCheck to help us identify potential vulnerabilities. We also make reporting a vulnerability easy for those who find them, with a dedicated mailbox: [email protected]. Our security policy for ethical hackers, security researchers and vulnerability hunters is available here.
Backups & Data Retention
We run point-in-time style backups, allowing us to rollback data to any point over the past few days. We also perform snapshot style backups on a nightly basis, again stored for about a week. Screenshots are cached for 30 days by default when not using your own storage infrastructure.
Hosting
We use a combination of cloud providers and physical servers to host our application and render your screenshots. All of which reside in facilities with top-tier physical security controls and either ISO 27001 or SOC2 Type 2 certifications.
Compliance
While we’d eventually love to achieve SOC2 or ISO 27001 certifications, we don’t hold them at this time.
We are fully compliant with the GDPR. Our privacy policy is available here.
Free Trial
Ready to start rendering?
Designers, law firms and infrastructure engineers trust Urlbox to accurately and securely convert HTML to images at scale. Experience it for yourself.
7 day free trial.No credit card required.