Bento Holdings is committed to strength within the supply chain. We align our security practices with SOC for Service Organizations Security Trust Service criteria through BCSF 1.0 adoption and attestation.
Supply Chain
Bento Holdings considers all vendors which transmit, store, or otherwise access customer data or customer environments as materially significant. As such, all materially significant vendors are required to maintain a current SOC 2 Type 2 attestation in Security. We maintain a continuously updated database of vendors and routinely review SOC reports. Current vendor statistics can be obtain by emailing support.
Data Hosting
Bento Holdings physical infrastructure is hosted and managed within Amazon’s secure data centers. We leverage all applicable platform security, privacy and redundancy features. AWS continually monitors its data centers for risk and undergoes assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).
Encryption
Data that passes through Bento Holdings is encrypted, both in transit and at rest. All connections from the browser to our platforms are encrypted in transit using TLS SHA-256 with RSA Encryption. We require HTTPS for all services.
Background Checks
All Bento Holdings employees go through a thorough background check before hire.
Training
While we retain a minimal amount of customer data and limit internal access on a need-to-know basis, all employees are trained on security and data handling to ensure that they uphold our strict commitment to the privacy and security of your data.
Confidentiality and NDA
All employees sign a confidentiality agreement before they start at Bento Holdings.
Business Continuity
We have business continuity and disaster recovery plans in place that replicate our database and back up the data onto multiple cloud providers to ensure high availability.
Monitoring
Bento Holdings continuously scans our products for service interruptions, performance degradation and security vulnerabilities to immediately alert our engineers and take action when an incident has been detected.
Mobile Device Management
We secure our employees’ machines and laptops using mobile device management to ensure that each device follows our information security standards, including encryption.
Malicious Software Prevention
Our employees’ equipment is defended by anti-malware software, and we run routine phishing tests to further educate and train employees.
Patching
We keep our systems up to date with the latest security patches and continuously monitor for new vulnerabilities through compliance and security mailing lists. This includes automatic scanning of our code repositories for vulnerable dependencies.
PGP Key
You may transmit to us confidential information encrypted using PGP. Below is our public key.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF9bpvsBDADnL+xBKDpb1gZoyfZLgLwmZ1uvwKhr8uoeZJ6zlX55Jzyp5Bda
DZnM8Wgj4zy2hJcwiiGKVw6WPo9MN1WYWz/BxjH42WlmGY0cR3MxQBRDDBw4Zo4A
ArzwkLUVvsydrLSUTN/ET5QyCkbdLyLP609lk7OROyvoeXh3Hw8PpjLKCh5GyOlj
daa9uGeuQPcOCPz/KeIqqXObcBLBNcaUaSywpE0cYSitln7i5ySq2ZD5LDSZp5KH
jd/cS6EQoleFMhXMfn8ZDlkHfs7tGDqjGqeYMsfdR0ebGfyyG+lGjXTec7mAewTB
2W3oGt4ZoTeYD0n3t9Vp2WJ4Bg0dumfUWq44PqdFZ3hiAArmGnSvez26d+RtdHmr
E6Ck7/JkdyzZE7FA42Hp0UZfevgsaXJ+mKNNW2YmsCffeZ2Am4v52vyHzIFsRv9n
q5w8P7hqj5GgxHv8YzpggJrbS6GHMnOLThzvJxl1rV94Nlt3ucsmnTUEx7fL8M5d
HQ1DKPK6CU/lUgMAEQEAAbQiQmVudG8gSG9sZGluZ3MgPHBncEB0ZWNoYmVudG8u
Y29tPokB1AQTAQgAPhYhBGeNT4E3G/ENAue/qKMzPnHlu0WzBQJfW6b7AhsDBQkD
wmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEKMzPnHlu0WzolEMAN+eLz/o
4nsNiozgc7f+3Ig0/GxdyaCXCdHYR21zVlkBYtTWMPC1UaEqbC4aYdQ4103H8osv
SjwGw4fzL1L6U3xGqb25rHxe+ZPIrdQfCT9+MhpM+3XDuQFUC2PshevZsppMsVla
5nLDHJcqJFszArQfbg1Z700lGhdA8bYLieCgWKCv2EZMoyGaQHhWbYdeTvNuJUnL
PbbPFhYzkaa/Fg9REiNUC/kZ6cSW504oB4PrvaJQriqbH7fdH3zEt8cen2ABuYQ5
ebNVHxXpuYifXRSXPhwG4Bkm9la6aJMafJdE7w3vQIutX3eQGIUvW1w2glw8tWWu
YLcjXeRUsOVMBnZi7ZjA2NuJDiE3Jx9bsgOYEksm9Hd/uZqtfYWcZ2Zua1E7K76h
ca+YaYDDpgy+K5dNwghkQq1uGttGwzK3L28jZ6bOMOxTJl+EAIgm/SO9j0aNUl7w
pHlITeZsPcG+qkBv2z+Ke1+NrDer096iCDMtCCfnyvfIjbamTdTsJ2hvhrkBjQRf
W6b7AQwA0tMo/xjsbheIjG/Ukwj7Xd03dqCUUGraXUTz0+z7Zal9yx5pFNtWFYeG
i/AeCg2UX2+1DZRUQIyHUce4qc1L64Cx3DB0k4odQIU4PdAVoaoR35PJO6UqXj0d
SRBhRDQmc3v/mn6kwn0rnhHd9CvoVrT64QBe+9tI2ZbFRPrIhF6q32W+gSzW2Mvs
cgBGFU5PU3FYykgSjtYMc5yJQr/YUB2v5kbKX1An2Ustx901i/30HITZIETjFO6C
ymM1lfPw2rCnvmbh2UYMgd5XmY3qOisgWaswdJquKwGlBSVlSoO80/ZFkQu+JaTm
ZjMhMJeAuI/fZ6bzNKERf8oUGGOa+InDMsUpTZypAJUdnZ1LWc6AhDMb5kfAIq3S
UpXYuzVM9rp2w8xBd82Ugx7fiVduEZm0Ar9SuNn/94CHMbXOfhHAYY7zns4tWlX7
3Ls/S5hozf4UcJRynyK+QkwMzRTptZdqyZM51fxAbjb2IAX9xFYmGBOypFWqagFk
VnDLlIFTABEBAAGJAbwEGAEIACYWIQRnjU+BNxvxDQLnv6ijMz5x5btFswUCX1um
+wIbDAUJA8JnAAAKCRCjMz5x5btFs3mODACwXvft8i0GtV77ROImAt45uxci6ulG
fUlkGP4dRW1mo35YoD3lyBbY2gl1Oj+bC8K2c6Tot/L7E6kve1CKYrfZLLml5Rdy
ZXWuBqZ2H3LmMhJlOIsI605lrtfU01r59lAF0KxV9FrYf1VlBlV9F8HAO+ml3cJ2
E5WeZ3RQExAIsYK+ICA1X3OscoxPlHoXn1E0pXApUA4HGiLdMWhPBBYs/WP7O3wK
cHKx26HfdSgO5xJXyQQ4Q0gnPIWufSnyN7UHV7/BaoJCdQAC9IUt2q1IuKdipdvk
2lEdPvU38QHdE71tvIOrMiCtiSCznJDAnijFgmo27EAtD2Fex1j/GPisxcq1gNAB
oWbFsLCss/mQOP5fQ5w3lUfq1bUfg+sXbp06sIoEFI/+hjZcGTbz+Jb+fYLI9OKM
9cYGxcnnEWp/ACS7om/jTmdoPv4Nek8n3EXdWzQ6Mffg1OycNeEPmMVLTT/0qRuR
DI3aFT2w2DYEsEziegKDdqdLpTrL2SyfOxY=
=9bcN
-----END PGP PUBLIC KEY BLOCK-----