Assuming we integrate with your Zendesk platform, we'll have access to all customer data points in the CRM.
While we have access, we will never use or process your customers data for anything other than intended and agreed upon. We take free text from conversations, reviews and surveys to output insights to your view on the platform.
Under GDPR, we are legally a data processor and you the data controller. We are completely GDPR compliant (see our data protection policy here).
We're very cautious with our customer's data. We've undertaken excessive security testing to ensure protection.
• Penetration testing:
• Cyber Essentials Plus (Read about the certification here)
Please read the below documents to understand our ISG.
• Here's our incident response policy.
• Data classification policy.
• Here's our process to manage data access for new joiners and leavers.
We make sure our team is aware of the company-wide Information Security Policy: our contracts of employment contain clear Information Security Responsibilities that must be followed by all employees.
When data is at rest on our AWS servers we have full-disk encryption. We use 256-bit Advanced Encryption Standard (AES-256) which is compliant with standards outlined in FIPS 140.
When data is in transit, we apply encryption using TLS v1.2+.
We tightly control our encryption keys using AWS Key Management Service (AWS KMS). AWS KMS keys are protected by hardware security modules that are validated by the FIPS 140-2 Cryptographic Module Validation Program
We control access to all data with a clear authentication and authorisation policy. Not every employee has equal access and customers are only able to see their own data.
Access to our servers must go through our VPN which only a restricted number of people have admin access to.
When our dashboard interactions with the APIs we use, we ensure secure access under the OAuth standard.
We have not yet implemented this security feature. It's pending and we expect to have it in place in 2021.
We regularly backup all data and have diversified our data centres.
Yes, we do. You can find it here.
We have separate environments to build and produce our software. Our customer data is not used during development and testing and is separated from risk.
Please find our system development policy documentation here.
If you have any further questions, we're always available to help out. Please reach out on email@example.com
Join 6,267 people tracking our content