We’re always focused on your information’s security and privacy. That’s why we perform security reviews on every phase of product development, from design to deployment. In addition to conducting peer reviews and automated tests, we ensure the physical security of our certified data centers, go through independent audits, and comply with international data privacy regulations.
Overall, this was a very straightforward test.
Your environment is well locked down and secureSteve Vasconcellos
Director IT Security Services, Clark Number
We never store any of your Salesforce, Exchange, or Google data. We only transfer your information (e.g., your contacts, emails, etc.).
We are compliant with the EU’s General Data Protection Regulation (GDPR).
Our product design, implementation and maintenance processes are tailored to protect your data.
We support any SSO options that our customers use for Salesforce, Microsoft Office 365, and Google accounts, minimizing risks of password cracking.
We support OAUTH 2.0 flow for user authorization to Salesforce, Microsoft Office 365 and Google accounts, and we do not store user credentials.
We undergo an annual independent audit to stay ISO 27001 certified.
A reputable external entity performs penetration testing twice a year.
Access to user configurations and data is on a granular level and is built around the concepts of permissions, roles, principals, resources and authorizations.
Our products can be deployed in multi-tenant mode, which keeps customers’ configurations and data separate at the application and database level. Users can also deploy our products in private tenant configuration, which separates customer data from any other data.
Access to data is managed through registered applications on Salesforce and Office 365.
Information exchange and user interactions are encrypted with SSL.
Configuration data is encrypted while stored in a physical database.
Secrets (tokens, passwords) are encrypted on applications, using keys stored separately from the database. APIs are built to ensure that secrets never leave our perimeter.
Configuration data is continuously backed up. We create multiple copies to facilitate point-in-time restore.
Synchronization data for different customers is physically isolated, which guarantees that there will be no information leaks between customers.
Our products are hosted in Microsoft Azure data centers.
Our products operate as managed cloud solutions and include automatic updates and security patches.
We run the service in a secure network with limited and audited external access.
The instances are constantly monitored for availability and errors to ensure highly available and reliable service.
Our security team is constantly working on improving the security and privacy of your information. We are currently in the process of attaining other security certificates.
If you have any questions about the way your information is protected or about other security matters, please contact us at [email protected]
