Security & Trust
How we protect your data
Boom Interactive builds software for facilities management, proptech, and investor relations. Security is built into how we architect, host, and operate CoreSpec 3D—not bolted on afterward.
Compliance status
We operate a formal ISO/IEC 27001-aligned information security management system (ISMS)—implemented and operating today, with certification in progress. SOC 2 is planned on the same control set. We do not represent that we hold certifications that have not yet been issued.
- ISO 27001 — ISMS implemented; certification in progress
- SOC 2 — planned
- GDPR — aligned; Data Processing Addendum + Standard Contractual Clauses available
How we protect your data
- Encryption everywhere — TLS 1.2+ in transit; AES-256 at rest.
- Least-privilege access — AWS IAM, database access controls, and AWS Cognito; MFA enforced on all administrative accounts.
- Tenant isolation — customer data logically segregated at the application and database layer.
- US data residency — hosted in AWS (us-west-2), with Standard Contractual Clauses for EU customers.
- Backups & recovery — automated backups with a tested restore process.
- Incident response — documented plan with prompt customer notification.
Built on trusted infrastructure
Our live platform runs on Amazon Web Services (EKS, RDS PostgreSQL, Cognito, and S3 in us-west-2), which maintains its own SOC 2 and ISO 27001 certifications. We secure our configuration on top of it with network isolation, audit logging, and least-privilege access.
Secure development
- Version control with peer-reviewed changes before production.
- Separated development, staging, and production environments.
- Automated dependency vulnerability scanning.
Sub-processors
We rely on vendors that maintain industry-standard security certifications:
- Amazon Web Services — live platform (hosting, database, storage, identity). SOC 2, ISO 27001.
- Google Workspace — email & collaboration. SOC 2, ISO 27001.
- GitHub — source control & CI/CD. SOC 2.
A full sub-processor list is available on our Sub-processors page.
Request documentation
Our security questionnaire response, policy summaries, sub-processor list, and Data Processing Addendum are available to customers and prospects under NDA. Contact info@cs3d.ai.
This page reflects controls in place and in active implementation as part of our ISO 27001 program. Boom Interactive does not represent that it holds certifications that have not yet been issued. Last updated: June 2026.