Boomerang Product Security

Hosted Data

Boomerang takes security and privacy very seriously.  All servers are hosted in data centers that are both SAS-70 Type II and ISO 27001 certified. 

Boomerang does not store message bodies in any form. The Boomerang servers store only message headers, used to uniquely identify messages when sending or returning them.


Baydin, Inc (the parent company of Boomerang) completes SOC-2 Type II audits annually.


Boomerang does not have access to user passwords. Boomerang for Outlook relies on Microsoft OAuth 2.0 for authentication.