B Lab Company (hereafter referred to as "B Lab", "we", "us", or "our") respects your security and is committed to protecting your personal data. This Security Notice will inform you of B Lab’s security practices.
B Lab utilizes reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, use, disclosure, modification, and destruction. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or otherwise wrongfully disclosed. Moreover, B Lab utilizes data minimization practices and limits access to personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. See B Lab’s Privacy Notice for more detail on how B Lab protects your privacy.
Furthermore, B Lab collects company, personal and assessment data via a web-based application known as the B Impact Assessment, and company and personal data via the B Hive, our community platform for Certified B Corporations. The applications serve and collect all data over SSL. B Lab also protects against web security vulnerabilities by using secure encryption and authentication technologies. B Lab regularly employs robust security measures to protect its users.
B Lab uses Amazon Web Services (AWS) S3 Buckets, a cloud services platform, to provide secure, permission-based file and asset storage for any file uploaded via the B Impact Assessment application. For more information on AWS S3 buckets, please see the AWS website here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html. In addition, B Lab regularly updates its applications and supporting libraries according to industry best practices. B Lab takes care to track security updates for its applications, and typically installs them on the release date.
We have put in place procedures to deal with any suspected security breach and will notify you, and any applicable regulator, of a breach where we are legally required to do so. In addition, to the extent your account information is protected by a password, it is important that you protect against unauthorized access of your account and information by choosing your password carefully, and keeping your password and computer secure by signing out after using our services. To prevent any brute force attacks, such as credential stuffing, B Lab employs robust security measures, as outlined above, and encourages users to create, and regularly update, passcodes unique to the portal and not used on other sites.
By using B Lab’s Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail, or by sending you an email.
Please keep in mind that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee absolute security.