Boomerang product security

Hosted data

Boomerang takes security and privacy very seriously.  All servers are hosted in data centers that are both SAS-70 Type II and ISO 27001 certified. 

Boomerang does not store message bodies in any form. The Boomerang servers store only message headers, used to uniquely identify messages when sending or returning them.


Baydin, Inc (the parent company of Boomerang) completes SOC-2 Type II audits annually.


Boomerang does not have access to user passwords.  Boomerang for Gmail relies on Google OAuth 2.0 for authentication.

Verified by Google

Boomerang has undergone Google’s OAuth API verification process, which includes a Privacy Policy review and a security assessment.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us