Security
At Backoffice, the security and privacy of our users' data is a core priority. We are committed to maintaining strong protections, secure infrastructure, and transparent processes to ensure trust across all parts of our platform — from our web and mobile interfaces to integrations with Slack, Google Workspace, and other connected services.
Platform Security
- Infrastructure: Backoffice is hosted on Amazon Web Services (AWS), leveraging secure cloud architecture in the Frankfurt (EU) region.
- Data Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Authentication: Backoffice uses secure OAuth 2.0-based authentication to authorize access across all connected services. Currently supported providers include Google and Slack, with additional identity providers planned. All access tokens are encrypted at rest, scoped to the minimum required permissions, and managed according to the principle of least privilege. Support for SAML and enterprise identity providers is on our roadmap to meet the needs of larger organizations.
- Access Controls: Internal access to systems is strictly limited, monitored, and role-based. Admin actions are logged and audited.
- Data Isolation: Workspace-level isolation ensures your organization's data is never accessible to another workspace.
Data Retention & Deletion
- Backoffice retains user and workspace data only for as long as required to deliver our services or comply with legal obligations.
- Users may delete their data via the app or by emailing privacy@backoffice.ai.
- Deletion requests are processed within 5 business days and cover all active and backup systems (within retention lifecycle).
Sub-processors
To deliver our services, Backoffice may engage trusted third-party service providers who process user data on our behalf. These third parties, or sub-processors, help us with core functionalities such as cloud hosting, AI processing, analytics, and system monitoring. We take steps to ensure that all sub-processors adhere to the same high standards of data protection and security as we do.
We currently use the following sub-processors:
| Sub-processor | Purpose | Data Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting & infrastructure | Frankfurt, Germany (EU) |
| OpenAI | Large Language Model processing (AI tasks) | United States |
| Mixpanel | Analytics & user behavior tracking | United States |
| Sentry | Error monitoring & diagnostics | United States |
Vulnerability Disclosure Program
We encourage security researchers and users to responsibly disclose any security vulnerabilities they find in our systems — including our Slack integration.
How to Report
If you discover a potential security issue, please contact us at security@backoffice.ai.
Please include:
- A description of the issue
- Steps to reproduce (if applicable)
- Any supporting materials (logs, screenshots, etc.)
What to Expect:
- We'll acknowledge your report within 3 business days
- We aim to investigate and remediate valid issues promptly
- We may reach out for clarification or updates as we address the report
We ask that you do not publicly disclose the issue until we've resolved it.
Responsible Use of LLMs
Backoffice integrates with leading LLM providers — including OpenAI's GPT-4-turbo — to power intelligent task automation and natural language understanding. Our architecture is designed to support multi-model deployments, enabling us to route tasks through the most suitable model based on performance, privacy, and context.
LLM usage is governed by strict scope and zero-retention policies, and no training is performed on user prompts or responses. All data passed to models is transient, task-specific, and securely handled according to our privacy standards.
Questions?
For any security or privacy-related inquiries, contact: