Security and Compliance

We recognize that your data is highly sensitive and needs to connect fully to your entire tech stack. We combine enterprise-grade security features with comprehensive audits of our applications, systems, and networks to ensure customer data is protected while ensuring integrations with your favorite tools.

SOC 2 Type 2 Certified

We demonstrate continuous security effectiveness and data protection through enterprise-grade security features and comprehensive audits.

GDPR Compliant

We prioritize GDPR and privacy compliance, offering a personalized approach for your business to set its own preferences as a controller.

App & Development Security

We conduct regular internal and external pen tests, utilize a WAF for threat identification, and ensure third-party apps meet security standards.

SOC 2 Type II

Boomerang is a product of BuyerAssist.io INC. BuyerAssist achieved SOC 2 Type II accreditation in April 2023, demonstrating continuous effectiveness of our security controls. BuyerAssist employs data protection and privacy by design, combining enterprise-grade security features with comprehensive audits of our policies, applications, systems, and networks.

GDPR

We know that maintaining GDPR & privacy compliance is a top priority for your business. That’s why BuyerAssist takes a holistic and personalized approach to compliance, maintaining GDPR compliance ourselves, and enabling your business to set its own compliance preferences, as a controller.

Secure infrastructure provider

BuyerAssist hosts all its software in Amazon Web Services (AWS) facilities in the USA. All of the BuyerAssist servers are located within a virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.

Data encryption in transit & at rest

All data sent to or from BuyerAssist is encrypted using TLS, and all customer data is encrypted using AES-256.

Strict access controls

Access to all BuyerAssist systems is managed through our identity provider, which automates user provisioning, enforces 2FA, and logs all activity.

Server security and monitoring

All servers are configured using a documented set of security guidelines, and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately.

Formal security policies and incident response plan

BuyerAssist maintains a set of comprehensive security policies that are kept up to date to meet the changing security environment. These materials are made available to all employees during training and through the company’s knowledge base.

Strict onboarding and offboarding process

Every new hire must pass a thorough background check and attend an InfoSec training course once a year. We instantly disable departing employees’ devices, apps, and access during offboarding.

Workstation Monitoring

BuyerAssist monitors employees’ workstations to keep checks such as disk encryption, screen timeout, strong passwords, and antivirus in place.

Continuous security training

The BuyerAssist Security Team provides continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with employees regularly.

VAPT

We regularly run internal pen tests and partner with reputable security firms to run external pen tests.

Application monitoring and protection

All app access is logged and audited. We also use a wide variety of solutions to quickly identify and eliminate threats, including a Web App Firewall (WAF).

Development and change management process

Code development is done through a documented SDLC process, and every change is tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass a series of tests before being deployed to production.

Third-party vendor security review process

We ensure that all of our third-party apps and providers meet our security and data protection standards before using them.