What data are we keeping secure?
Assuming we integrate with your Zendesk platform, we'll have access to all customer data points in the CRM.
While we have access, we will never use or process your customers' data for anything other than what is intended and agreed upon. We take free text from conversations, reviews and surveys to output insights to your view on the platform.
Under GDPR, we are legally a data processor and you are the data controller. We are completely GDPR compliant.
See our:
1. Data Protection Policy
2. Data Privacy and GDPR Agreement
How do users authenticate to the SentiSum dashboard?
SentiSum dashboard users authenticate using their secure username and password along with 2FA.
The authentication mechanism leverages AWS Cognito over SSL. For our enterprise customers, users authenticate using SSO.
Where are your data centers?
UK and Ireland
Who are your current subprocessors?
AWS Ireland and Google Ireland
What’s your data retention policy?
At the end of the commercial contract, all the data is permanently deleted within 30 days of contract termination.
What certification and penetration testing have you done?
We're very cautious with our customers' data. We've undertaken extensive security testing to ensure protection.
We've completed:
• Penetration testing:
• Cyber Essentials Plus (Read about the certification here)
In Progress: SOC 2 (expected Dec 2022)
What about your internal information governance security?
Please read the below documents to understand our ISG.
• Here's our incident response policy
• Data classification policy
What additional security do you have with regard to employees?
Here's our process to manage data access for new joiners and leavers.
We make sure our team is aware of the company-wide Information Security Policy. Our contracts of employment contain clear Information Security Responsibilities that must be followed by all employees.
How do you encrypt your data?
When data is at rest on our AWS servers we have full-disk encryption.
We use 256-bit Advanced Encryption Standard (AES-256), which is compliant with standards outlined in FIPS 140. When data is in transit, we apply encryption using TLS v1.2+.
We tightly control our encryption keys using AWS Key Management Service (AWS KMS). AWS KMS keys are protected by hardware security modules that are validated by the FIPS 140-2 Cryptographic Module Validation Program.
Who has access to our data?
We control access to all data with a clear authentication and authorisation policy. Not every employee has equal access and customers are only able to see their own data.
Access to our servers must go through our VPN, to which only a restricted number of people have admin access.
When our dashboard interacts with the APIs we use, we ensure secure access under the OAuth standard.
What's your Business Continuity & Disaster Recovery plan?
We regularly back up all data and have diversified our data centres.
Do you have an IT equipment usage policy in place?
Yes, we do. You can find it here.
How do you make sure your software development is safe and secure?
We have separate environments to build and produce our software. Our customer data is not used during development and testing and is separated from risk.
Please find our system development policy documentation here.
If you have any further questions, we're always available to help out.
Please reach out at contact@sentisum.com.