Trust Center · Last updated 2026-04-11

Security and compliance you can verify.

Backbuild — a division of Gable Digital Solutions, Inc. — publishes its security posture, audit status, and privacy commitments openly so customers, security reviewers, and auditors can confirm the controls behind the platform. Gable Digital Solutions, Inc. is the legal entity that operates the platform and is the party to all customer agreements.

View compliance status Security program Report a vulnerability

6 Frameworks tracked

100% MFA enforced

TLS 1.3 In transit minimum

AES-256-GCM At rest

<24h Critical patch SLA

Compliance status

Evidence packages available under NDA

SOC 2 Type II

AICPA · TSC 2017

In progress

Observation period underway. Type II report targeted for Q4 2026. Interim gap-assessment letters available for prospects.

ISO 27001:2022

ISO/IEC · ISMS

In progress

ISMS scope and Statement of Applicability complete. Certification audit targeted for Q1 2027 against the 2022 Annex A controls.

HIPAA

HHS · 45 CFR 164

Aligned

Administrative, physical, and technical safeguards implemented per §164.308–§164.312. Business Associate Agreement available.

PCI DSS v4.0

PCI SSC

Controls aligned

Backbuild does not store, process, or transmit cardholder data directly. Payments are tokenized via Stripe (PCI Level 1).

FedRAMP Moderate

NIST 800-53 Moderate

Roadmap

Control library aligned with the NIST 800-53 Moderate baseline. Authorization not committed at this time; engage for federal opportunities.

GDPR / UK GDPR

EU 2016/679 · UK 2018

Compliant

Data Processing Agreement with Standard Contractual Clauses available. Data subject rights workflow in production.

Program areas

Detailed posture for each domain

Security program

Encryption, authentication, access control, vulnerability management, and penetration testing.

Privacy and data handling

Data residency, retention, processing records, and data subject rights workflow.

Infrastructure

Hosting topology, availability targets, and business-continuity posture for the Backbuild platform.

Sub-processors

Third parties with access to customer data, the categories of data shared, and where each receiver is located.

Data Processing Agreement

DPA and the Standard Contractual Clauses customers can execute for cross-border transfers.

Report a vulnerability

Coordinated disclosure policy, severity rubric, and the channel to reach our security team.

Legal entity

Who you are doing business with

Backbuild is a product and division of Gable Digital Solutions, Inc., a Delaware corporation. Gable Digital Solutions, Inc. is the legal entity that operates the Backbuild platform and is the party to all customer agreements, including the Terms of Service, Data Processing Agreement, Business Associate Agreement, and Privacy Policy.

For the personal data of Backbuild customers' end users that is processed on the platform, Gable Digital Solutions, Inc. acts as the data processor on behalf of the customer (who is the controller). For Gable Digital Solutions, Inc.'s own business records — customer account information, billing, support tickets, platform audit logs — Gable Digital Solutions, Inc. acts as the data controller. See data processing and DPA for the complete role-by-data-category breakdown.

Need more information?

Security questionnaires, architecture diagrams, penetration test executive summaries, and policy documents are available to customers and prospective customers under NDA. Initial responses are typically within two business days.

Security team: security@backbuild.ai
Privacy and data protection: privacy@backbuild.ai
Vulnerability reports: Responsible disclosure policy