In accordance with our SOC 2 Type II compliance program, we maintain policies, procedures, and practices documenting our technological, administrative, and procedural safeguards relating to the privacy, security, integrity, and availability of personal data.
Our information security framework includes periodic audits, assessments, and employee privacy and security training.
We undergo annual independent third-party SOC 2 Type II audits that include a risk assessment of the threats to the privacy, confidentiality, security, integrity and availability of personal data, the likelihood that these threats occur, and measures to mitigate these risks.
We conduct penetration testing of the network and our application to evaluate the security of our production environment.
We only collect the personal data we need to accomplish our business purposes, including names, business email addresses, links to Slack profile pictures, and Slack user metadata. We do not store users’ conversation data on our systems.
When a customer uninstalls our solution, we securely dispose of the personal data in our possession by deleting the customer’s data from our systems.
We conduct background checks on all of our employees using Checkr.
We regularly train all our employees on our information security program, the importance of the security, confidentiality, and privacy of personal data, and the risks to our company and its customers associated with security incidents.
We only permit access to personal data, sensitive information systems, and our premises to authorized employees based on their role and with prior approval.
Terminated employees are prevented from accessing personal data and lose access to all devices and applications upon termination.
All communication between customer systems and our platform takes place using high levels of encryption (TLS 1.2/HTTPS).
All stored data, session cookies, and backups are encrypted at rest. Our databases are also encrypted using custom keys for additional security.
We use industry-standard encryption and a monitoring agent to protect the data stored on company laptops.
We store all personal data on private networks that require VPN to access, and we conduct biannual penetration testing to evaluate the security of the network.
We have implemented Snyk to detect and remedy malicious or unsecure code designed to perform an unauthorized function on, or permit unauthorized access to, any information system.
We remediate any malicious or unsecure code promptly upon identification.
We conduct biannual vulnerability assessments to detect vulnerabilities on the network, and we have implemented processes to remediate any detected vulnerabilities.
We maintain application security and software development controls, including private networks, custom key encryption, and biannual penetration testing, to detect and prevent the introduction of security vulnerabilities.
Prior to implementing code changes, our employees follow a documented change management process to assess the potential security and product impact of such changes.
We document all changes to our information systems as part of merge requests.
We monitor and document the movement of records or media using Vanta, an automated security and compliance platform.
We have implemented strict password protection on all personal devices that access our systems.
We maintain restrictions on physical access to our offices and information systems through the implementation of strict access controls that are recorded in a digital registry.