We are continuously highly focused on security and privacy of your information. That’s why we perform security reviews on every phase of product development, from design to deployment; conduct peer reviews and automated tests; ensure physical security of certified data centers; go through independent audits and comply with international data privacy regulations.
Overall, this was a very straight forward test.
Your environment is well locked down and secureSteve Vasconcellos
Director IT Security Services, Clark Number
We never store any of your Salesforce, Exchange, or Google data, like contacts, emails, and so on.
We are compliant with the EU General Data Protection Regulation.
Our products design, implementation and maintenance processes are tailored to guarantee customer data security and privacy.
We support any Single Sign-On that our customer uses for Salesforce, Microsoft Office 365 and Google accounts access to minimize risks of password cracking.
We support OAUTH 2.0 flow for user authorization to Salesforce, Microsoft Office 365 and Google accounts, and do not store user credentials.
We undergo annual independent audit to certify our products with ISO 27001 Certificate.
Reputable external entity performs penetration testing twice a year.
Access to user configuration and data is set up on granular level, and is built around concept of Permissions, Roles, Principals, Resources and Authorizations
Our products can be deployed in multi-tenant mode where customer configuration and data is logically separated on application and database level. Also, it can be deployed in private tenant configuration where customer data is physically separate from any other data.
Access to data is performed through registered applications on Salesforce and Office 365.
Information exchange and user interactions are encrypted with SSL.
Configuration data is encrypted at rest on physical database level.
Secrets (tokens, passwords) are encrypted on application level using keys stored separately from DB. APIs are built in a way where secrets never leave our perimeter.
Configuration data is continuously backed-up; it exists in multiple copies with ability to do point-in-time restore.
Synchronization data for different users is physically isolated, which guarantees information cannot leak between users.
Our products are hosted in Microsoft Azure data centers.
Our products operate as managed cloud solutions which include automatic updates and security patches.
We run the service in secure network with limited and audited external access.
The instances are constantly monitored for availability and errors to ensure highly available and reliable service.
Our security team is constantly working on improving security and privacy of your information. We are now in the process of attaining other security certificates.
If you have any questions about the way your information is protected or about any other security matter, please get in touch with us via [email protected]