Gallabox Docs
ChangelogHow To GuidesAPI DocsStatus pageVisit our websiteFeedback
Gallabox Docs
Gallabox Docs
  • Welcome to Gallabox Docs
  • šŸ†•Get Started
    • Pre-requisites
    • Signup
    • Explore Demo Account
    • Activate Free Trial
  • āœ…Connect WhatsApp Channel
    • Connect your WhatsApp
    • Meta Business Verification
    • Apply for WhatsApp Blue Tick
    • Migrate to Gallabox
    • Messaging Limits & Quality Ratings
    • Gallabox Account Setup FAQs
  • 🈁CONVERSATIONS
    • Gallabox Conversations Glossary
    • Team Inbox
    • Initiate a New Chat
    • Compose Box
    • Inboxes
    • Manage Inbox
    • Views
    • Efficiently using inbox
    • Gallabox Conversations FAQs
  • šŸ“˜CONTACTS
    • Gallabox Contact Glossary
    • Add Contact
    • Contact Segments
    • Contact Management
    • Contact Updation
    • Contact Deletion
    • Export Contacts
    • Marketing Opt-In
      • Marketing opt-in on contact creation
      • Marketing opt-in Handling Methods
      • Marketing opt-out Management
  • šŸ¤–BOTS
    • Gallabox Bot Glossary
    • Things to know before building your first bot
    • Bot Essentials
    • Bot in Gallabox
      • Create a Bot using AI
      • Create a Bot using Bot Templates
      • Create a Bot from Scratch
    • Flow in the Bot
      • AI Based Flow
      • CTWA Ad Based Flow
    • Send Card
      • Send Text
      • Send Media
      • Send Collection
      • Send Products
      • Send Voice
      • Send Template
      • Send Form
      • Send Location
      • Send Payments
    • Ask Questions
      • Ask Text
      • Ask Number
      • Ask Phone
      • Ask Email
      • Ask Date
      • Ask Location
      • Ask Address
      • Ask URL
      • Ask File
      • Ask Button Option
      • Ask List Option
      • Ask Keyword Option
      • Ask Collection List
      • Ask Form
      • Ask Payments
    • Bot Utilities
      • Send Button Option
      • Send List Option
      • Delay
      • Condition
      • Set Variable
      • Jump to
      • Switch
      • AI node - GPT Dialog
      • AI node - GPT Knowledge Base
      • Working hours
      • Hint
      • Wait for order
    • Bot Actions
      • Assign Conversation
      • Unassign Conversations
      • Resolve Conversations
      • Update Conversation Fields
      • Update Contact Fields
      • Update Company Fields
      • Push to Sequence
      • Add Note & Mention
      • Conversion Events
    • Bot Connectors
      • Connect your system with the WhatsApp chat bot using API
      • Connect WhatsApp and Google Sheets to Collect Responses
      • Send payment links via WhatsApp chatbot using Razorpay integration
      • Send your WhatsApp data to Zoho CRM using Chatbot
      • Connect Shopify and WhatsApp to collect orders using chatbot
      • Send your WhatsApp data to HubSpot using Chatbot
      • Send your WhatsApp data to Zoho Bigin using Chatbot
      • Send your WhatsApp data to Leadsquared using Chatbot
      • Send your WhatsApp data to WooCommerce using Chatbot
      • Connect ChatGPT with WhatsApp in Gallabox Chatbot
      • Zoom WhatsApp Integration - How to enable webinar registration on WhatsApp
      • Send your WhatsApp data to Sangam CRM using Chatbot
      • Send payment links via WhatsApp chatbot using PhonePe
      • Send Payment links via WhatsApp Chatbot using Stripe
      • Enhance Chatbot with ElevenLabs AI Voice Synthesis
      • Send your WhatsApp data to Pipedrive CRM using Chatbot
    • Set up Default Bot
    • Bot Management
    • Gallabox Bot FAQs
  • šŸ”ŠBROADCAST
    • Gallabox Broadcast
    • Select Template
    • Select Audience
    • Review and Send Broadcast
    • Broadcast Analytics and Report
    • Gallabox Broadcast FAQs
  • šŸ”¢WHATSAPP DRIP CAMPAIGNS
    • Understanding Drip Marketing
    • Basics of Drip Campaign
    • Create New Drip Campaign
    • Drip Campaign Setup
    • Drip Campaign Message Management
    • Campaign Management Options
    • Drip Campaign Analytics
    • Gallabox WhatsApp Drip Marketing FAQs
  • šŸ“ˆAD CAMPAIGNS
    • CTWA in Gallabox
    • Create your Campaign
    • Click To WhatsApp Analytics
    • CAPI Integration
    • Gallabox CTWA FAQs
  • šŸ›’WHATSAPP SHOP
    • Gallabox WhatsApp Shop Overview
    • Connect the Catalog with Meta
    • Connect Catalog with Gallabox
    • WhatsApp Order Summary
    • Gallabox WhatsApp Shop FAQs
  • šŸŖ™PAYMENTS
    • Gallabox Native Payments Overview
    • Establish Connection
    • Sending Payment Links
    • Tracking Payments
    • Gallabox Native Payment FAQs
  • šŸ”ƒWhatsApp Forms
    • Gallabox WhatsApp Forms Overview
    • Create WhatsApp Forms
      • Create WhatsApp Forms in Gallabox
      • Create WhatsApp Forms with Template Builder
      • Create WhatsApp Forms using JSON
    • Sending a WhatsApp Form
      • Send WhatsApp Form in a Message Template
      • Send WhatsApp Form in a Bot
    • Receiving Response of WhatsApp Forms
    • Best Practices for WhatsApp Forms
    • Gallabox WhatsApp Forms FAQS
  • ā„¹ļøWHATSAPP CHANNEL
    • Channel Settings
    • Manage your Connections
    • Widget for your website
    • Configuration Message Settings
    • Block List
    • User Mapping
    • Assignments Rules
    • Compliance Info
    • Account Profile Info
    • WhatsApp Channel FAQs
    • WhatsApp Business API Errors
  • 🚧INTEGRATION
    • E-commerce Platforms
      • Shopify
        • Shopify Template Variables for WhatsApp Messages
        • Workflows for Shopify
      • WooCommerce
        • Workflows for WooCommerce
      • WooCommerce Cart Abandonment Recovery
      • Shopflo
    • Customer Relationship Management (CRM) Systems
      • HubSpot
        • Workflows for HubSpot
      • Kylas
        • Workflows for Kylas
      • Zoho CRM & Signals
        • Workflows for Zoho
      • Leadsquared
        • Workflows for LeadSquared
      • Sangam
      • Pipedrive
      • Odoo
    • Shipping and Logistics
      • ShipRocket
        • Workflows for ShipRocket
      • Shipway
        • Workflows for Shipway
    • Payment Gateways
      • Cashfree
        • Workflows for Cashfree
      • Razorpay
        • Workflows for Razorpay
      • Stripe
        • Stripe Workflows
    • Marketing and Engagement Platforms
      • WebEngage
        • WebEngage WhatsApp Campaigns
      • MoEngage
      • Facebook Leads
        • Send Automated Messages on WhatsApp to Facebook Leads
        • Send Sequence of Messages to Facebook Leads
      • CleverTap
      • Fyno
    • Other Integrations
      • Generic Webhooks
      • Google Sheets
      • Pabbly
      • Zapier
      • Zoho Books
        • Zoho Books Notifications
        • Workflow for Zoho Books
      • Calendly
        • Workflows for Calendly
      • Miitel
    • Gallabox Integration FAQs
  • āš™ļøACCOUNT MANAGEMENT
    • Account Essentials
    • User Details
    • User, Teams, and Roles
    • Account Details
  • šŸ’°Pricing & Billing Modules
    • Conversation Pricing
    • Message Credits
    • Billing & Subscriptions
    • FAQs
  • 🚾Web-Chat Channel
    • Web-Chat Channel
  • 🧰Basic Modules
    • WhatsApp Templates
      • Template Creation and Editing
      • Re-write with AI
      • Custom Marketing and Utility Templates
      • Product Marketing Templates
      • Authentication Templates
      • Limited-Time Offer Templates
      • Order Details Template
      • Coupon Code WhatsApp Template
      • Carousel Template
      • WhatsApp template URL tracking
      • FAQs - WhatsApp Template Messages
    • Contact Fields
    • Conversation Fields
    • Tags
    • Message Tracker
    • Canned Responses
  • šŸ”’Account Security Features
    • Allowed IPs
    • Activity Log
    • Two Factor Authentication
  • šŸ‘Øā€šŸ’»DEVELOPER RESOURCES
    • API Key and Secret
    • API Docs
    • Webhook
    • Conversation Widget
  • šŸ“ŠREPORTS & ANALYTICS
    • Dashboard
    • WhatsApp Failed Messages
    • WhatsApp Notification Messages
    • Conversation Report
  • Privacy and Security
    • Data Security and Infra
    • Subprocessors
    • Data Processing Agreement
  • šŸ‘¾EXTRAS
    • WhatsApp Business API - Unsupported Messages
    • Understanding Message Delivery Issues on WhatsApp
    • WhatsApp’s New Per-user Messaging Limits
  • Frequently Asked Questions
Powered by GitBook
On this page
  1. Privacy and Security

Data Security and Infra

Discover how Gallabox prioritizes data security with a multi-layered approach, including infrastructure, access controls, encryption, and auditing, to safeguard customer data integrity.

In the rapidly evolving digital landscape, data security remains a paramount concern for any software products. Gallabox solution adheres to the highest standards of data security, ensuring the integrity, confidentiality, and availability of customer data. This section outlines our robust approach to securing data across various dimensions of our product.

Advanced Role-Based Access and Audit Controls
  • Two-Factor Authentication: Adds an additional layer of security for user authentication.

  • Granular Role-Based Controls: Implements team-based and channel-based access with features like phone masking.

  • Internal Restrictions: Ensures data is not accessible outside the organization.

  • Exhaustive Audit Logs: Keeps detailed records of all data interactions.

  • Controlled Troubleshooting: Allows troubleshooting only with approved access.

Secure and Scalable Hosting Infrastructure
  • Scalability: Supports both horizontal and vertical scaling for consistent performance.

  • Advanced Cloud Infrastructure: Implements cutting-edge cloud infrastructure and data security principles.

  • Role-Based Authentication: Ensures data is accessible only to authorized personnel.

  • Secure Data Downloads: Data extraction is controlled and requires necessary approvals.

  • Integration Flexibility: Offers various secure integration models, including HTTPS.

  • Containerization: Utilizes Docker for secure and efficient application deployment.

  • Inbuilt Security in AWS and MongoDB Atlas: Leverages inherent security features for enhanced protection.

Enhanced Data Security Measures
  • HTTPS for Secure Communication: Utilizes trusted, auto-renewable certificates for HTTPS integrations.

  • Encryption: Ensures all data is encrypted in transit (TLS 1.2/1.3) and at rest (AES-256)

  • Authorized User Access: Restricts data viewing to authorized users on the Gallabox Web/App Console, additionally we enforce Multi-Factor Authentication (MFA) for all users

  • Role-Based Data Access: Implements client-defined, authenticated roles for data access.

  • Database Security: Limits database access to approved IPs within the VPC.

  • Audit Trail: Maintains detailed logs of all data access and modifications.

Robust Backup and Recovery Infrastructure
  • Geographic Distribution: Backups are distributed across multiple zones, with a primary data center in the US.

  • Continuous Backup and Easy Restoration: Offers 2-hour continuous backup and efficient one-click data restoration.

Secure Source Code Management
  • Private Repositories: Manages source code in secure, private GitHub repositories.

  • Two-Factor Authentication: Requires this for all contributors' GitHub accounts.

  • Regular Key Rotation: Periodically rotates SSH keys and Personal Access Tokens.

  • Strategic Release Management: Employs well-defined branching strategies for controlled releases and rollbacks.

  • Continuous Integration: Uses Jenkins for continuous integration and code audits.

Data Security Controls

Gallabox follows industry-standard security practices to ensure the protection of customer data. We have implemented multi-layered security controls across four key areas:

Predict (Proactive Risk Assessment & Monitoring)

āœ… Penetration Testing – Periodic tests to identify vulnerabilities in applications & infrastructure āœ… Security Audits – Annual audits for compliance, we are in-process of getting SOC 2 and GDPR compliant

In-Progress:

āœ… Risk Assessments – Regular security risk assessments & threat modeling


Prevent (Prevention of Security Incidents)

āœ… Access Control – Role-Based Access Control (RBAC) & Least Privilege Principle āœ… Multi-Factor Authentication (MFA) – Enforced for all user accounts āœ… Data Encryption – AES-256 encryption for data at rest, TLS 1.2/1.3 for data in transit āœ… Firewall & Network Security – Cloud-based Web Application Firewall (WAF) and VPN restrictions āœ… Secure Software Development (DevSecOps) – Code security reviews, secure API practices, and CI/CD security integration


Detect (Real-Time Threat Monitoring & Logging)

āœ… Security Information and Event Management (SIEM) – Logs all security events for anomaly detection āœ… Endpoint Detection & Response (EDR) – Protects against malware & insider threats

In-process

āœ… Intrusion Detection System (IDS) – Monitors network traffic for suspicious activity āœ… Cloud Security Monitoring – Continuous monitoring of cloud workloads for unauthorized access āœ… Automated Log Analysis – Real-time alerts for potential data breaches or security violations


Correct (Incident Response & Recovery Mechanisms)

āœ… Incident Response Plan (IRP) – 24/7 security team for rapid incident response āœ… Data Backup & Disaster Recovery – Regular backups with geo-redundant storage for data integrity āœ… Forensic Investigations – Root cause analysis for security incidents, followed by corrective action

In-progress:

āœ… Automated Threat Mitigation – AI-driven security response to mitigate risks in real-time āœ… Breach Notification Policy – Any security breach is reported within 48 hours per GDPR guidelines


In summary, Gallabox is fortified with a multi-faceted approach to data security, encompassing robust infrastructure, stringent access controls, comprehensive encryption, and proactive auditing and recovery measures. These practices collectively ensure the security and integrity of our client's data, making our solution a reliable and trusted choice in the market.

PreviousConversation ReportNextSubprocessors

Last updated 2 months ago