Security and trust

Ebsta Application

Chrome Application Description

Ebsta, Essential, Growth and Inbox editions is a set of sales enablement tools delivering end users a connection between CRM, email and browsing data displaying context relative information automatically as they work in their chosen environment, delivered through a Google Chrome Extension served from the Google App Store. Users have email tools enabling them to track recipient email opens/link clicks, replies, use templates when composing emails and add users to email campaigns. Additionally, users can synchronise calendar and contacts.

The Chrome extension acts as a proxy between Chrome/Gmail/CRM with data transmitted between systems via Ebsta but no data stored.

Managed Package Application Description

Ebsta, Team and Enterprise editions, is a front end to the Ebsta data consolidation platform, delivered via a Salesforce Managed Package served from the Salesforce App Exchange. The data consolidation platform allows companies to unlock all the hidden information locked in corporate email systems providing a unified customer view, management of all contacts the business has communicated with, alerts to out of date information, compliance tools and accurate activity based reporting metrics without requirement for user engagement.

Bullhorn Chrome, Outlook & Word Application Description

Ebsta for Bullhorn, all editions, are a set of sales automation tools delivering end users a connection between CRM, Browser, Word, Outlook displaying context relative information automatically as they work in their chosen environment. Users have functionality to allow them to quickly add/update records without the need to keep returning to the CRM.

The Chrome extension delivered through a Google Chrome Extension served from the Google App Store with the Office tools being proprietary delivered by Ebsta. The products act as a proxy between Chrome/Word/Outlook/CRM with data transmitted between systems via Ebsta but no data stored.

Ebsta Architecture

The Ebsta platform runs solely on the Amazon Web Service platform in a virtual private cloud, VPC.

With a layered approach to security and threats Ebsta uses services such as Amazon Elastic Load Balancers, Web Application Firewall, Inspector and follows Amazon’s best practice recommendations. Server access is restricted in private subnets with the configuration of both security (stateful firewall) and network ACL (stateless) for both inbound and outbound traffic. Servers are based on AWS Role security and are split by instance responsibility, communication between our instances internally and externally is transmitted end to using SSL.

AWS Best Practice

Access to servers is via application and HTTPS via users with valid tokens, licences, access rights or via IP restricted VPN (Ebsta only) with MFA.

3rd party data sources (CRM and email providers) connections are managed at server level over SSL.


Hosting Environment

Currently to provide the most performant global solution the Ebsta platform utilises AWS US-East.

Ebsta has signed with Amazon the AWS Data Processing Addendum, which includes the Model Clauses.

AWS EU Data Protection

Sub Processors

Where Ebsta Ltd acts as a data processor on behalf of the data controller the following sub processors are used to assist in delivering the Ebsta services.

  • Amazon Web Services, Inc

Ebsta uses a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of sub processors and minimises sub processor use to a minimum.

Access Control

Users connect to Ebsta via OAuth using Salesforce as an OAuth provider. Initial connection facilitates Ebsta account (for details of information gathered see our privacy policy) creation, user assignment to org and licensing. Ebsta supports 2 roles, user and administrator. Ebsta administrator permissions are inferred from Salesforce permissions and can be subsequently provided by administrators to users.

All data is accessed in the context of the logged in user and record and field level security is maintained at all times.

Users/customers at all time are in control of assigned tokens and can revoke at any time.

Data Transmission and Storage

All communication with Ebsta occurs via TLS v1+ connections.

Data stored to deliver the features of the Ebsta Team and Enterprise editions is encrypted at rest. Each object is encrypted (AES-256) with a unique key employing strong multi-factor encryption. As an additional safeguard, it encrypts the key itself with a master key that regularly rotates. Through the use of AWS KMS all keys are held securely.

Data Retention

Client data required to deliver the service is stored for the period of the contract. Upon contract termination customer data is destroyed after 30 days. Backup data is retained for 30 days.

Data Access

Application initiated requests for data access pass through multiple application levels to validate that the user is authenticated, licenced and belongs to the customer associated with the data and has the permissions to view/edit as requested. Only upon all checks being successful is data returned.

Administrative access to the production environment is locked down to a few select senior employees via IP restricted VPN requiring multi factor authentication.

Logging & Monitoring

All application layers and processing transactions and system requests are logged and monitored. Infrastructure access is monitored by AWS Cloudwatch. Application performance is monitored by NewRelic. All monitoring systems implement thresholds that when exceeded notify internal personnel via multiple channels 24-7-365.

Incident Response & Disaster Recovery

The Ebsta platform is entirely cloud based. Core services are redundant across multiple data centres and we rely on the BC/DR capabilities of AWS.

In the case Ebsta determined that any customer information was compromised, Ebsta will immediately notify the customer primary contact and the relevant supervisory authority, if relevant, within 72 hours.

Application Development

Ebsta implements security consideration at design time and employs best practice secure coding principles (OWASP) with extensive employee training.

Ebsta runs multiple development, testing, staging environments which contain no client data. Transition of code between environments is subject to peer review and software based analysis before continuous integration. Application and source code is scanned by vulnerability detectors and we are subject to 3rd party security reviews and penetration testing.

Salesforce Security Approved

Ebsta are an official Salesforce ISV Partner. Ebsta has been through the strict security review process which is in place to evaluate the security of their partners to ensure that they are trusted to deliver and handle your valuable data in the same way that they do themselves.


Employees are vetted before employment and all sign up to acceptable usage and confidentiality agreements.

All employees work from Ebsta offices which have 24 hour security and are covered by CCTV.

Issue Reporting

To report any security concern or suspected vulnerability please contact the Ebsta Security Team

Policies/Further information

Ebsta Privacy Policy –

Ebsta’s ISO 27001 Announcement –

Ebsta Terms and Conditions –

AWS Compliance –

AWS Best Practice –

AWS Security –

Salesforce Partner Security –

Salesforce Security Checklist –

To find out more about how Ebsta can help your organisation, please get in touch.