The Hopin Events, Hopin Session and Boomset services have been acquired by RingCentral. For Hopin Events (now RingCentral Events), Hopin Session (now RingCentral Session) and Boomset customers, updated terms are as follows: RingCentral Global Platform Terms at https://ringcentral.com/legal/ringcentral-events/global-platform-terms, and for other terms and policies, including Privacy Notice, visit https://www.ringcentral.com/legal.html.
At Hopin, we are committed to protecting the confidentiality, integrity and availability of our information systems and our customer’s data. We are constantly improving our security controls and analyzing their effectiveness to give you confidence in our solution.
Here we provide an overview of some of the security controls in place to protect your data.
You can reach our security team at [email protected].
Facilities
Hopin uses infrastructure from Google Cloud for data center hosting. Our provider data centers are certified as ISO 27001, PCI DSS Service Provider Level 1, and or SOC 1 and 2 compliant.
Our providers employ robust controls to secure the availability and security of their systems. This includes measures such as backup power, fire detection and suppression equipment, secure device destruction amongst others. Learn more about Data Center Controls at AWS and Google Cloud Datacenter Security.
On-Site Security
AWS and GCP implement layered physical security controls to ensure on-site security including, vetted security guards, fencing, video monitoring, intrusion detection technology and more. Learn more about AWS Physical Security and GCP Physical Security.
In-house Security Team
Hopin has a dedicated and passionate security team across the globe to respond to security alerts and events.
Third-Party Penetration Tests
Third party penetration tests are conducted against the application and supporting infrastructure at least annually. Any findings as a result of tests are tracked to remediation. Reports are available on request with an appropriate NDA in place.
Threat Detection
Hopin leverages threat detection services within AWS an GCP to continuously monitor for malicious and unauthorized activity.
Vulnerability Scanning
We perform regular internal scans for vulnerability scanning of infrastructure. Where issues are identified these are tracked until remediation.
DDoS Mitigation
Hopin uses a number of DDoS protection strategies and tools layered to mitigate DDoS threats. We utilize Cloudflare’s sophisticated CDN with built in DDoS protection as well as native AWS and GCP tools and application specific mitigation techniques.
Access Control
Access is limited to a least privilege model required for our staff to carry out their jobs. This is subject to frequent internal assessment, technical enforcement, and monitoring to ensure compliance. 2FA is required for all production systems.
In Transit
Communication with Hopin is encrypted with TLS 1.2 or higher over public networks. We monitor community testing & research in this area and continue to adopt best practices in terms of Cipher adoption and TLS configuration.
At Rest
Hopin data is encrypted at rest with industry standard AES-256 encryption. By default we encrypt at the asset or object level.
Uptime
Hopin products are deployed on public cloud infrastructures. Services are deployed to multiple availability zones for availability and are configured to scale dynamically in response to measured and expected load. Simulated load tests and API response time tests are incorporated into our release and testing cycle.
Disaster Recovery
In the event of a major region outage, Hopin products have the ability to deploy our applications to new hosting regions. Our Disaster Recovery plan ensures availability of services and ease of recovery in the event of such a disaster. This plan is regularly tested and reviewed for areas of improvement or automation.
DR deployment is managed by the same configuration management and release processes as our production environment ensuring that all security configurations and controls are applied appropriately.
Quality Assurance
Hopin’s Quality Assurance function reviews and tests code base on a per pod basis. The security team has resources to investigate and recommend remediation of security vulnerabilities within code. Regular syncs, training, and security resources are provided to support QA.
Environment Segregation
Testing, staging, and production environments are logically separated from one another. No customer data is used in any development or test environment.
Security Champions
Hopuin runs a Security Champions program with involvement contributions from each of the development teams.
Security Awareness
Hopin delivers a robust Security Awareness Training program which is delivered within 30 days of new hires and annually for all employees. In addition, we roll out quarterly focused training to key departments including Secure Coding, Data Legislation, and Compliance obligations.
Information Security Program
Hopin has a comprehensive set of information security policies covering a range of topics. These are disseminated to all employees and contractors and acknowledgement tracked on key policies such as Acceptable Use, Information Security Policy, and our Employee Handbook.
Employee Background Checks
All Hopin employees undergo a background check prior to employment which covers 5 years criminal history where legal and 5 years employment verification.
Confidentiality Agreements
All employees are required to sign Non-Disclosure and Confidentiality agreements.
Access Controls
Access to systems and network devices is based upon a documented, approved request process. Logical access to platform servers and management systems requires two-factor authentication. A periodic verification is performed to determine that the owner of a user ID is still employed and assigned to the appropriate role. Access is further restricted by system permissions using a least privilege methodology and all permissions require documented business need. Exceptions identified during the verification process are remediated. Business need revalidation is performed on a quarterly basis to determine that access is commensurate with the users job function. Exceptions identified during the revalidation process are remediated. User access is revoked upon termination of employment or change of job role.
GDPR
Hopin maintains compliance with the European Union’s General Data Protection Regulation (GDPR). We use the E.U Commission approved standard contractual clauses for data transfer from the EEA to the United States.
PCI-DSS
As a card not present merchant, Hopin outsources our cardholder functions to a PCI-DSS Level 1 service provider. A copy of our SAQ-A can be available on request.
Privacy Policy
Hopin’s privacy policy, which describes how we handle data input into Hopin, can be found at /privacy. For privacy questions or concerns, please contact [email protected].
Vendor Management
Hopin understands the risks associated with improper vendor management. We evaluate and perform due diligence on all of our vendors prior to engagement to ensure their security is to a suitable standard. If they do not meet our requirements, we do not move forward with them. Selected vendors are then monitored and reassessed on an ongoing basis, taking into account relevant changes.
Hopin uses third-party sub processors to provide core infrastructure and services which support the applications. Prior to engaging any third party, Hopin evaluates a vendor’s security as per our Vendor Management Policy.
StreamYard’s list of third-party sub processors can be found here.
At Hopin, we consider the security of our system a top priority and Hopin believes that working with a skilled security researcher community helps improve our security posture.
Below are the list of vulnerabilities that qualify to receive hall of fame:
Disclosure Policy:
Exclusions and things we do not want to see:
While researching, we would like you to refrain from:
We are in the process of setting up our Bug Bounty program through Bug Bounty platforms.
Hopin does not offer cash rewards for reporting vulnerabilities through our Responsible Disclosure Policy. We do appreciate and thank researchers by listing their names in the hopin's hall of fame.
Thank you for helping to keep Hopin and our users safe!
In order to investigate your trademark complaint, please provide all of the information listed below and press submit
Use the form below to identify content that you would like removed based on alleged infringement of your copyright(s)