Privacy and Security

We are continuously highly focused on security and privacy of your information. That’s why we perform security reviews on every phase of product development, from design to deployment; conduct peer reviews and automated tests; ensure physical security of certified data centers; go through independent audits and comply with international data privacy regulations.

img-security

  • img-iso
  • img-privacy-shield
  • img-gdpr
  • img-penetration-tested

Overall, this was a very straight forward test.
Your environment is well locked down and secure

Steve Vasconcellos

Director IT Security Services, Clark Number

Privacy

  • No data storing

    We never store any of your Salesforce, Exchange, or Google data, like contacts, emails, and so on.

  • GDPR

    We are compliant with the EU General Data Protection Regulation.

  • Secure by Design

    Our products design, implementation and maintenance processes are tailored to guarantee customer data security and privacy.

Security

  • SSO

    We support any Single Sign-On that our customer uses for Salesforce, Microsoft Office 365 and Google accounts access to minimize risks of password cracking.

  • OAuth 2.0

    We support OAUTH 2.0 flow for user authorization to Salesforce, Microsoft Office 365 and Google accounts, and do not store user credentials.

  • ISO 27001

    We undergo annual independent audit to certify our products with ISO 27001 Certificate.

  • External Penetration testing

    Reputable external entity performs penetration testing twice a year.

  • Access Control

    Access to user configuration and data is set up on granular level, and is built around concept of Permissions, Roles, Principals, Resources and Authorizations

  • Tenant Isolation

    Our products can be deployed in multi-tenant mode where customer configuration and data is logically separated on application and database level. Also, it can be deployed in private tenant configuration where customer data is physically separate from any other data.

Data Protection

  • Access to data

    Access to data is performed through registered applications on Salesforce and Office 365.

  • In-transit encryption

    Information exchange and user interactions are encrypted with SSL.

  • At rest encryption

    Configuration data is encrypted at rest on physical database level.

  • Secrets handling

    Secrets (tokens, passwords) are encrypted on application level using keys stored separately from DB. APIs are built in a way where secrets never leave our perimeter.

  • Data backup and point-in-time restore

    Configuration data is continuously backed-up; it exists in multiple copies with ability to do point-in-time restore.

  • Data isolation

    Synchronization data for different users is physically isolated, which guarantees information cannot leak between users.

Infrastructure

  • Data centers

    Our products are hosted in Microsoft Azure data centers.

  • Security Updates

    Our products operate as managed cloud solutions which include automatic updates and security patches.

  • Firewalls and network access

    We run the service in secure network with limited and audited external access.

  • Monitoring

    The instances are constantly monitored for availability and errors to ensure highly available and reliable service.

Dedicated to security

Our security team is constantly working on improving security and privacy of your information. We are now in the process of attaining other security certificates.

If you have any questions about the way your information is protected or about any other security matter, please get in touch with us via [email protected]