Salesmate developers follow the secure development practices described in OWASP. Every change request or a new feature has to pass through a security checklist before going to production. The code always has to go through vulnerability scanners, code analyzer tools, and manual code verification process.
With our horizontal database design, clients’ primary data is stored separately. All additional data and files for customers are also logically separated in our cloud storage to avoid data leaks and accidental access.
Your data is entirely yours. It’s only stored on our dedicated VPCs while using the services and not shared with any third party without your consent.
We retain your data as long as you are using Salesmate services. Your data gets deleted from the servers in 30 days from the day of trial expiry or subscription cancellation.
We only maintain the invoicing and service entries for accounting and legal requirements.
All customer data is encrypted and stored using Google’s built-in encryption-at-rest features. More technically, we use Google’s server-side encryption feature with Google-managed encryption keys to encrypt all data at rest using AES-256, transparently, and automatically.
Access to our office, infrastructure, and facilities is controlled using access cards. Our HR team provides and maintains access cards given to employees, contractors, and visitors with only specific locations and entrances. We also monitor entry, exits, and all internal activities over the CCTV cameras deployed according to the regulations. Backup footage is also maintained for a particular time based on the requirement.
Our dedicated VPCs are hosted in Google Data Cloud’s secure infrastructure.
Access to Google’s data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter.
Additionally, Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection.
All the logs coming from our services, internal network, devices are stored and analyzed to find usual activities.
Customers also have changelogs for record updates and deletions inside their record details.
With our load balancers and auto-scale of service-nodes provides continuous and secure access to services around the globe.
The client’s database replicates over multiple availability zones in an almost real-time manner.
Every midnight we take a customer wise backup and store encrypted and compressed files inside Google Cloud buckets. If a customer requests data recovery within the retention period, we will restore their data and secure access. The timeline for data restoration depends on the size of the data and the complexity involved.
The security team runs an in-house Incident Response (“IR”) program and guides Salesmate employees on reporting suspicious activity. The goal of the Incident response program is to detect and react to security incidents, determine their scope and risk, respond appropriately to the incident, communicate the results and risk to all stakeholders, and reduce the likelihood of incident from reoccurring.
At Salesmate, we take security and privacy very seriously. We are ISO 27001:2013, SOC2 certified and regularly audited. We have defined information classification and handling guidelines, which is strictly rigorously followed by our team members.
We hire reputed external agencies to do background c hecks for each new hire. The process verifies their criminal records and previous employment records. Until the verification completes, the employee is not assigned any activity or information which may pose a risk to our customers and teammates.
Each employee has to go through information security, privacy, and compliance training. They also learn about incident response reporting and communication methods. They might have to go through additional security training to configure and manage client services or cloud spaces based on their role.
We also host internal events and quizzes to ensure their knowledge is up to date as per the industry needs.
We have a dedicated security team to ensure that the company’s infrastructure, software/applications are upgraded to avoid any security compromise. They also provide domain-specific training to the developers and consulting teams to follow security code practices and procedures.
All our workstations are configured to encrypt data at rest. We don’t allow any removable media sources inside our office premises. All our applications and access points are enabled with two-factor login, and employees are required to pick a strong password and keep changing them over a particular period.
We carefully select vendors and sub-processors who have setup world-class security processes and also follow GDPR guidelines.
Whenever we have to add a new sub-processor to our platform, we send information to all our customers in advance to verify their security and privacy policies.
Keeping customer data secure is our prime responsibility. We genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems safe.
To know more or report security vulnerabilities, please visit this page.
We have mentioned all the security options provided by us, but customers should follow a quick list to keep their accounts safe and secure.
