Security and Privacy
by Design

Parabola empowers you to automate, document, and reduce your manual data work. While your team is building Flows, our team is keeping your data secure and private. Data security is our highest priority.

Trusted by

Built on secure and robust architecture

Parabola runs fully on Amazon Web Services, with servers hosted in the United States. As a cloud provider, AWS guarantees the physical and network security of Parabola’s servers and help us ensure that our server software is always up-to-date and protected from any new threats.

Parabola operates within an Amazon Virtual Private Cloud (VPC), with subnets segregated by security level, and firewalls configured to restrict network access. IAM policies are used to enforce a least privilege access model.

Secure, private, and low-touch from the start

The most sensitive data that Parabola stores is the data that you process with Parabola (through uploading, integrating, creating, or otherwise pulling it into a Flow). We are extremely careful with that data, and it is our highest priority to ensure it is secure.

We make sure to only store the data that is required for running your Parabola Flows as long as its needed. With the exception of files directly uploaded to Parabola, data in a flow is stored for a maximum of 14 days, or until the next time the flow runs.

Sensitive data, like access tokens for integrations, are stored in a separate table of our production database under additional protections and more restricted access privileges. Like all data in Parabola, these are encrypted in transit and at rest.

When a step, file, Flow, user, or team is deleted, all access to its associated data and settings is also deleted. This excludes backups, which can be deleted or restored at the request of the customer who owns that particular flow. Backups are stored for a maximum of 30 days before being deleted.

If you would like to have all of your data deleted from the Parabola platform and our data subprocessors, please send your request to support@parabola.io.

We work with third-party security researchers to double-check our work

Parabola regularly utilizes third-party penetration tests from trusted partners to identify and remedy any vulnerabilities.

Special care to secure your integrations

Parabola maintains secure connections when accessing the services you have integrated with. All web-based data integrations use HTTPS, and we maintain a list of IP addresses that can be put on an accept list by the other service.

SSL is available on all database integrations. All web-based integrations that have OAuth available use it, and any that do not use the most secure form of authentication that the other service supports.

All tokens, keys, and auth credentials are stored in a further secured portion of the database with extremely limited access. As with all data in Parabola, these are encrypted in transit and at rest.

Data encrypted in transit & at rest

All data sent to or from Parabola is encrypted in transit using 256 bit encryption. Our API and application endpoints use industry standard SSL/TLS 1.2+ (Secure Sockets Layer/Transport Layer Security) encryption.

All data is encrypted at rest using an industry-standard AES-256 encryption algorithm.

We never store passwords in plaintext. All passwords are stored as an irreversible hash in our database.

We do not sell or share your data

Parabola does not sell any of your data.

Parabola collects customers' names and email addresses (during the sign up process) to use in our analytics subprocessors. Usage data from the Parabola platform is also collected and sent to our analytics subprocessors.

However, data that is uploaded, created, integrated, or otherwise pulled into Parabola and displayed as the "results" of any step is not sent to any analytics subprocessors. This data is saved and used only to ensure the functioning of the Flows that you create and use on the Parabola platform.

Finding and reporting vulnerabilities

Parabola appreciates security researchers who find and report vulnerabilities without exploiting them. By reporting a vulnerability, you agree to our Vulnerability Reporting Terms and Conditions.

Contact us