Data Security
Secure Development Practices
Salesmate developers follow the secure development practices described in OWASP. Every change request or new feature has to pass through a security checklist before going to production. The code always has to go through vulnerability scanners, code analyzer tools, and a manual code verification process.
Data Isolation
With our horizontal database design, clients’ primary data is stored separately. All additional data and files for customers are also logically separated in our cloud storage to avoid data leaks and accidental access.
Your data is entirely yours. It’s only stored on our dedicated VPCs while using the services and not shared with any third party without your consent.
Data Retention and Disposals
We retain your data as long as you are using Salesmate services. Your data gets deleted from the servers in 30 days from the day of trial expiry or subscription cancellation.
We only maintain the invoicing and service entries for accounting and legal requirements.
Encryption
All customer data is encrypted and stored using Google’s built-in encryption-at-rest features. More technically, we use Google’s server-side encryption feature with Google-managed encryption keys to encrypt all data at rest using AES-256, transparently and automatically.
Physical Security
At the workplace
Access to our office, infrastructure, and facilities is controlled using access cards. Our HR team provides and maintains the access cards given to employees, contractors, and visitors, which grant access only to specific locations and entrances. We also monitor entries, exits, and all internal activities over CCTV cameras deployed according to the regulations. Backup footage is also maintained for a particular time based on the requirement.
At the Data Centers
Our dedicated VPCs are hosted in Google Data Cloud’s secure infrastructure.
Access to Google’s data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter.
Additionally, Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection.
Operational Security
Logging and Monitoring
All the logs coming from our services, internal network, and devices are stored and analyzed to find unusual activities.
Customers also have changelogs for record updates and deletions inside their record details.
Platform Load Balancing
Our load balancers and auto-scaling of service nodes provide continuous and secure access to services around the globe.
Data Backup
The client’s database replicates over multiple availability zones in an almost real-time manner.
Every midnight we take a customer-wise backup and store encrypted and compressed files inside Google Cloud buckets. If a customer requests data recovery within the retention period, we will restore their data and secure access. The timeline for data restoration depends on the size of the data and the complexity involved.
Incident and Response Management
The security team runs an in-house Incident Response (“IR”) program and guides Salesmate employees on reporting suspicious activity. The goal of the Incident Response program is to detect and react to security incidents, determine their scope and risk, respond appropriately to the incident, communicate the results and risk to all stakeholders, and reduce the likelihood of the incident recurring.
Organizational Security
At Salesmate, we take security and privacy very seriously. We are ISO 27001:2013 and SOC2 certified and regularly audited. We have defined information classification and handling guidelines, which are strictly and rigorously followed by our team members.
Employee background checks
We hire reputed external agencies to do background checks for each new hire. The process verifies their criminal records and previous employment records. Until the verification completes, the employee is not assigned any activity or information which may pose a risk to our customers and teammates.
Security Awareness and Training
Each employee has to go through information security, privacy, and compliance training. They also learn about incident response reporting and communication methods. They might have to go through additional security training to configure and manage client services or cloud spaces based on their role.
We also host internal events and quizzes to ensure their knowledge is up to date as per the industry needs.
Dedicated Security Team
We have a dedicated security team to ensure that the company’s infrastructure and software/applications are upgraded to avoid any security compromise. They also provide domain-specific training to the developers and consulting teams to follow security code practices and procedures.
Endpoint Security
All our workstations are configured to encrypt data at rest. We don’t allow any removable media sources inside our office premises. All our applications and access points are enabled with two-factor login, and employees are required to pick a strong password and change it after a particular period.
Vendors and Sub-processors
We carefully select vendors and sub-processors who have set up world-class security processes and also follow GDPR guidelines.
Whenever we have to add a new sub-processor to our platform, we send information to all our customers in advance to verify their security and privacy policies.
Vulnerability Reporting
Keeping customer data secure is our prime responsibility. We genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems safe.
To know more or report security vulnerabilities, please visit this page.
Customer controls & security
We have mentioned all the security options provided by us, but customers should follow a quick list to keep their accounts safe and secure.
- Choose a strong and unique password with at least one capital letter, digit, and special character.
- Use multi-factor authentication.
- Use the latest browser version, mobile OS, and mobile applications to ensure that their root machines are not compromised.
- Set up proper roles and access permissions to share and modify data inside Salesmate.
- Use IP Access controls to make sure that the Salesmate workspace is only accessible via verified networks.
- Be aware of phishing and malware threats. Never share any sensitive information with anyone impersonating a Salesmate rep.