Skip to main content

Search

How secure is my data Follow

Salesmate serves thousands of its customers worldwide to help their business grow at the required scale and speed without compromising any security aspects. Our people, processes, and products reflect our dedication and efforts to deliver secure and reliable products that help you focus on the business with peace.

Data-Security_2x.jpg

Secure Development Practices

  • Salesmate developers follow the secure development practices described in OWASP. Every change request or a new feature has to pass through a security checklist before going to production. The code always has to go through vulnerability scanners, code analyzer tools, and a manual code verification process.

Data Isolation

  • With our horizontal database design, clients’ primary data is stored separately. All additional data and files for customers are also logically separated in our cloud storage to avoid data leaks and accidental access.
  • Your data is entirely yours. It’s only stored on our dedicated VPCs while using the services and not shared with any third party without your consent.

Data Retention and Disposals

  • We retain your data as long as you are using Salesmate services. Your data gets deleted from the servers within 30 days from the day of trial expiry or subscription cancellation.
  • We only maintain the invoicing and service entries for accounting and legal requirements.

Encryption

  • All customer data is encrypted and stored using Google’s built-in encryption-at-rest features. More technically, we use Google’s server-side encryption feature with Google-managed encryption keys to encrypt all data at rest using AES-256, transparently, and automatically. Physical Security

At the workplace

  • Access to our office, infrastructure, and facilities is controlled using access cards. Our HR team provides and maintains access cards given to employees, contractors, and visitors with only specific locations and entrances. We also monitor entry, exits, and all internal activities over the CCTV cameras deployed according to the regulations. Backup footage is also maintained for a particular time based on the requirement.

At the Data Centers

  • Our dedicated VPCs are hosted in Google Data Cloud’s secure infrastructure.
  • Access to Google’s data center floor is only possible via a security corridor that implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter.
  • Additionally, Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection.

Operational Security

Logging and Monitoring

  • All the logs coming from our services, internal network, and devices are stored and analyzed to find the usual activities.
  • Customers also have changelogs for record updates and deletions inside their record details.

Platform Load Balancing

  • With our load balancers and auto-scale of service, nodes provide continuous and secure access to services around the globe.

Data Backup

  • The client’s database replicates over multiple availability zones in an almost real-time manner.
  • Every midnight we take a customer-wise backup and store encrypted and compressed files inside Google Cloud buckets. If a customer requests data recovery within the retention period, we will restore their data and secure access. The timeline for data restoration depends on the size of the data and the complexity involved.

Incident and Response Management

  • The security team runs an in-house Incident Response (“IR”) program and guides Salesmate employees on reporting suspicious activity. The goal of the Incident response program is to detect and react to security incidents, determine their scope and risk, respond appropriately to the incident, communicate the results and risk to all stakeholders, and reduce the likelihood of incidents reoccurring.

Organizational Security

  • At Salesmate, we take security and privacy very seriously. We are ISO 27001:2013 certified and regularly audited. We have defined information classification and handling guidelines, which are strictly and rigorously followed by our team members.

Employee background checks

  • We hire reputed external agencies to do background checks for each new hire. The process verifies their criminal records and previous employment records. Until the verification is completed, the employee is not assigned any activity or information that may pose a risk to our customers and teammates.

Security Awareness and Training

  • Each employee has to go through information security, privacy, and compliance training. They also learn about incident response reporting and communication methods. They might have to go through additional security training to configure and manage client services or cloud spaces based on their role.
  • We also host internal events and quizzes to ensure their knowledge is up to date as per the industry's needs.

Dedicated Security Team

  • We have a dedicated security team to ensure that the company’s infrastructure, software/applications are upgraded to avoid any security compromise. They also provide domain-specific training to the developers and consulting teams to follow security code practices and procedures.

Endpoint Security

  • All our workstations are configured to encrypt data at rest. We don’t allow any removable media sources inside our office premises. All our applications and access points are enabled with two-factor login, and employees are required to pick a strong password and keep changing it over a particular period.

Vendors and Sub-processors

  • We carefully select vendors and sub-processors who have set up world-class security processes and also follow GDPR guidelines.
  • Whenever we have to add a new sub-processor to our platform, we send information to all our customers in advance to verify their security and privacy policies.

Vulnerability Reporting

  • Keeping customer data secure is our prime responsibility. We genuinely value the assistance of security researchers and others in the security community to assist in keeping our systems safe.
  • To know more or report security vulnerabilities, please visit this page.

Customer controls & security

We have mentioned all the security options provided by us, but customers should follow a quick list to keep their accounts safe and secure.

  • Choose a strong and unique password with at least one Capital letter, Digit, and a special character.
  • Use multi-factor authentication.
  • Use the latest browser version, mobile OS, and mobile applications to ensure that their root machines are not compromised.
  • Set up proper roles and access permissions to share and modify data inside Salesmate.
  • Use IP Access controls to make sure that the Salesmate workspace is only accessible via verified networks.
  • Be aware of phishing and malware threats. Never share any sensitive information with anyone impersonating a Salesmate rep.

Related articles

Comments

0 comments

Please sign in to leave a comment.