Assuming we integrate with your Zendesk platform, we'll have access to all customer data points in the CRM.
While we have access, we will never use or process your customers' data for anything other than the intended and agreed-upon purposes. We take free text from conversations, reviews and surveys to output insights to your view on the platform.
Under GDPR, we are legally a data processor and you are the data controller. We are completely GDPR compliant.
The SentiSum dashboard users authenticate using their secure username and password along with 2FA.
The authentication mechanism leverages AWS Cognito over SSL. For our enterprise customers, users authenticate using SSO.
UK and Ireland
AWS Ireland and Google Ireland
At the end of the commercial contract, all the data is permanently deleted within 30 days of contract termination.
We're very cautious with our customers' data. We've undertaken extensive security testing to ensure protection.
• Penetration testing:
• Cyber Essentials Plus (Read about the certification here)
In Progress: SOC 2 (expected Dec 2022)
Please read the below documents to understand our ISG.
• Here's our incident response policy
• Data classification policy
Here's our process to manage data access for new joiners and leavers.
We make sure our team is aware of the company-wide Information Security Policy. Our contracts of employment contain clear Information Security Responsibilities that must be followed by all employees.
When data is at rest on our AWS servers we have full-disk encryption.
We use 256-bit Advanced Encryption Standard (AES-256), which is compliant with standards outlined in FIPS 140. When data is in transit, we apply encryption using TLS v1.2+.
We tightly control our encryption keys using AWS Key Management Service (AWS KMS). AWS KMS keys are protected by hardware security modules that are validated by the FIPS 140-2 Cryptographic Module Validation Program.
We control access to all data with a clear authentication and authorisation policy. Not every employee has equal access and customers are only able to see their own data.
Access to our servers must go through our VPN which only a restricted number of people have admin access to.
When our dashboard interacts with the APIs we use, we ensure secure access under the OAuth standard.
What's your Business Continuity & Disaster Recovery plan?
We regularly back up all data and have diversified our data centres.
Yes, we do. You can find it here.
We have separate environments to build and produce our software. Our customer data is not used during development and testing and is separated from risk.
Please find our system development policy documentation here.
If you have any further questions, we're always available to help out.
Please reach out on firstname.lastname@example.org