Privacy and Security

• Legal compliance

  Revenue Grid implements the required measures to comply with the applicable data protection laws and regulations (EU/UK GDPR, CCPA/CPRA, PIPEDA, FADP) to ensure the most effective protection of personally identifiable information.

• Privacy by design and by default

  Revenue Grid maintains a framework emphasizing integrating privacy measures into systems from their inception and ensuring that privacy features are the
  default settings, promoting proactive and user-centric data protection.

• Privacy protection and security

  Revenue Grid ensures the security of our customers’ data through a strong, thorough, and transparent privacy and security initiative. Your data is safeguarded at all times with robust security measures, regularly validated through internal checks and external audits. We are ISO 27701 certified to ensure the highest level of privacy protection.

• Transparency

  We are committed to transparency in handling personally identifiable information. We believe in empowering individuals by providing precise and accessible information about how their data is collected, processed, and utilized. More details are in our Privacy Policy.

• Sectoral regulations

  Revenue Grid ensures compliance with the sectorial regulations (e.g. HIPAA) and continues enhancing the security measures to protect the data in all spheres of business.

• Secured data transfer

  Revenue Grid provides the highest level of security of the data transfer by using the robust data transfer mechanisms. We are EU-US Data Privacy Framework certified to ensure that the transfer to the USA is secured.

• GDPR

  Revenue Grid complies with the General Data Protection Regulation requirements. You can find our GDPR Statement at the following link: https://revenuegrid.com/gdpr-compliance-assurance Revenue Grid has a representative in the EU whose contact details are available here.

• ISO 27001 (Security) and ISO 27701 (Privacy)

  We undergo an annual independent audit to certify Revenue Grid with ISO 27001 (Security) and ISO 27701 (Privacy).

• SSO

  We support any Single Sign-On that our customer uses for Salesforce, Microsoft Office 365 and Google accounts access to minimize risks of password cracking.

• SOC2 (Type 2)

  We have undergone a SOC 2 Type 2 audit. The report itself and a signed Bridge Letter are available at our Trust Center.

• CSA STAR Level 1

  Cloud security controls compliance self-assessment.

• HIPAA

  The Health Insurance Portability and Accountability Act (HIPAA) in the United States is designed to protect the privacy and security of individuals’ health information. Revenue Grid undergoes an annual external audit for HIPAA compliance.

• OAuth 2.0

  We support OAUTH 2.0 flow for user authorization to Salesforce, Microsoft Office 365 and Google accounts, and do not store user credentials.

• External Penetration testing

  Reputable external entity performs penetration testing on an annual basis.

• Access Control

  Revenue Grid’s design, implementation and maintenance processes are tailored to guarantee customer data security and privacy.

• Tenant Isolation

  Revenue Grid service can be deployed in multi-tenant mode where customer configuration and data is logically separated on application and database level. Also, it can be deployed in private tenant configuration where customer data is physically separate from any other data.

• Uptime and availability

  Revenue Grid offers 24/7 priority support and a 99% uptime commitment to Enterprise customers.

• CASA

  CASA (Cloud Application Security Assessment) is based on the industry-recognized Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS).
  We have successfully completed CASA, validating Revenue Grid for Salesforce and Gmail has satisfied CASA application security requirements.

• PCI DSS

  Revenue Grid does not process cardholder data. Thus, we complete regular Self-Assessment Questionnaires A (card-not-present merchants) as a declaration of the results of the Revenue Grid self-assessment with the Payment Card Industry Data Security Standard Requirements and Security Assessment Procedure (PCI DSS).

BitSight

Our security team is constantly working on improving the security and privacy of your information.

If you have any questions about the way your information is protected or about any other security matter, please get in touch with us via [email protected].