Taskfeed Security, Privacy and Architecture Overview

Security, Privacy and Architecture

We would like to make two things clear. First, we respect your privacy and make significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about.

We are responsible for ensuring the privacy, confidentiality, integrity, and availability of data in our trust. This responsibility extends to customer data processed by our products and stored on our systems. We have an obligation to provide appropriate protection against threats and to provide a level of service to our customers.

This document outlines the controls (both technical and organisational) we have put in place for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data.

As you continue to learn more about Taskfeed, we recommend you also review our Terms of Service and Privacy Policy.

Information Security

We have implemented an information security management system based on ISO 27001:2013. This management system encompasses numerous policies covering the use of vendors and third-party services, passwords, secure engineering, clear desks and screens, and acceptable use.

Our access to your data

None of the data submitted to Taskfeed, including Boards, Tasks or customer information from your CRM, is shared with us. This information resides within your Salesforce instance, which is inaccessible to us by default. This is something rather unique about how we operate. It means that unless access to your Salesforce environment, including its configuration and data, is expressly granted, we do not have a means of accessing your data.

We will collect personal data relating to Users for the provision of support and for the purpose of product analytics. If you provide your customers, partners or any third party access to Taskfeed through Salesforce Communities, then we will treat those individuals as Users and collect data for them also.

In the course of providing support it may be necessary to temporarily grant access to your Salesforce environment. Temporary access is possible through a Salesforce feature called “Grant Login Access”. This mechanism provides auditable, time-restricted access to your environment. Only specific members of the team with sufficient training are permitted to log in to your environment using this method. We will always request login access along with a reason why access is required, how long access is required and an outline of any actions we will perform with the access. Use of “Grant Login Access” is at the discretion of the subscriber and end user. However, not adopting this feature will likely increase the time to troubleshoot and resolve issues.

More about “Grant Login Access” can be found here: https://help.salesforce.com/apex/HTViewHelpDoc?id=granting_login_access.htm

Infrastructure

All of our product services are run in the cloud. Tapply does not run our own routers, load balancers, DNS servers, or physical servers. The vast majority of our services and data are hosted by Salesforce.

Application Architecture

Taskfeed runs on Salesforce, so our customers benefit from all the innovation and security of the Salesforce platform. This means all logic and code is processed either by Salesforce or within your browser.

Application Security

Salesforce has security built into every layer of the Platform.

The infrastructure layer comes with replication, backup, and disaster recovery planning. Network services have encryption in transit and advanced threat detection. Salesforce application services implement identity, authentication, and user permissions. Salesforce also offers an additional layer of trust with Salesforce Shield, including Platform Encryption, Event Monitoring, and Field Audit Trail.

Taskfeed leverages Salesforce Platform security features where appropriate.

Salesforce AppExchange Security Review

Taskfeed is enrolled in the ISVForce Partner Program (AppExchange). A mandatory periodic security review is part of this program. The Security Review has been developed to assess the security of partner offerings and to ensure that applications published on the AppExchange follow industry best practices for security.

Personal Data

Nature and Purpose of Processing

Through the use of Taskfeed and other services we provide, we will process your employees’ personal data and potentially your customers’ personal data residing in Salesforce. The Taskfeed application may use data available within your Salesforce environment, including employee, customer, prospect or partner personal data, to fulfill the objectives of its purpose, as further specified in the Documentation, and as further instructed by the Customer in its use of the Services. This processing all happens within your own Salesforce environment as described in the “Our access to your data” section above.

Known examples where Personal Data may be processed by the service are:

  • Displaying User and Contacts related to Boards and Tasks and other items

  • Sending notification messages to Users and Contacts

  • Displaying related User or Contact data within the application

We will additionally collect personal data relating to Users for the provision of support and for the purpose of product analytics. If you provide your customers, partners or any third party access to Taskfeed through Salesforce Communities, then we will treat those individuals as Users and collect data for them also. Individuals accessing Taskfeed as Guests through the External Sharing feature are anonymous. Personal data will not be collected about these users; however, anonymous product usage information may be collected.

Duration of Processing

We will Process Personal Data that is provided to the application within Salesforce for as long as the application is used in relation to that Personal Data in Salesforce. This could be while there are Taskfeed records related to Salesforce Accounts, Contacts or other records holding personal data.

Personal data shared with us for the purpose of application analytics and support may be accessed and processed beyond the scope of any agreement.

Categories of Data Subjects

Customer may submit Personal Data, the extent of which is determined and controlled by Customer, and which may include, but is not limited to, Personal Data relating to the following categories of data subjects:

  • Prospects, customers, business partners and vendors of Customer (who are natural persons)

  • Employees or contact persons of Customer’s prospects, customers, business partners and vendors

  • Employees, agents, advisors, freelancers of Customer (who are natural persons)

  • Customer’s Users authorized by Customer to use the Services

Type of Personal Data

The following categories of Personal Data will be collected and shared with Tapply and our sub-processors through interaction with Taskfeed as a User.

  • Salesforce User ID

  • First and Last name

  • Username

  • Job Title

  • Position

  • Employer

  • Contact information (company, email, phone, physical business address)

  • Geo-location

Right to Be Forgotten

You may need to delete customer data in order to comply with data protection and privacy regulations. The Salesforce Platform offers a rich set of features to help you meet your obligations under the GDPR. Salesforce allows customers to delete personal data at both an organizational level and an individual level. Deletions of Salesforce instances (orgs) are synced regularly.

https://help.salesforce.com/articleView?id=data_deletion_platform.htm&type=5

Consent

Salesforce Platform helps you comply with data protection and privacy regulations with out-of-the-box support for indicating do not call, email opt-out, and fax opt-out preferences. The Salesforce Platform also now includes an Individual Object for tracking privacy preferences across multiple roles in your organization which can relate to one or many Contacts, Leads, Person Accounts, and custom object records. Taskfeed supports these options or provides additional controls to manage consent when sending notifications to Users or Customers.

Restriction of Processing

On the Salesforce Platform, records can be identified, exported, and deleted upon receiving a verified request to restrict processing. If the restriction is lifted at a later date, the records can be re-imported.

https://help.salesforce.com/articleView?id=restriction_of_processing_platform.htm&type=5

Data Portability

You can use the Salesforce Platform to help you honor your customers’ requests to export their data. Data can be extracted via both UI-driven as well as API-driven methods, including reports and report/dashboard APIs, data loader, Apex, SOAP and REST APIs, and third-party ETL tools. Export formats include CSV, JSON, and XML.

Accountability/Transparency

Both we and Salesforce offer customers a robust data processing addendum containing strong privacy commitments. This addendum also contains specific provisions to assist you in your compliance with the GDPR.

Sub-processors

To provide quality of service, Taskfeed uses additional cloud-based applications and services. These are designated as sub-processors.

Intercom

Used for application usage monitoring and customer support. When a Visualforce page is loaded, a JavaScript file is loaded from the Intercom domain, registering usage information along with the following Personal Data:

  • Salesforce User ID

  • First and Last name

  • Username

  • Job Title

  • Position

  • Employer

  • Contact information (company, email, phone, physical business address)

  • Location

The data Intercom provides Taskfeed is used for usage monitoring of products and features.

Stripe

Stripe is not part of the Taskfeed app but is used for managing credit card subscriptions to the App. Stripe is provided through an integration with Salesforce and the AppExchange called “Salesforce Checkout”. Stripe manages the subscription payment process.

Find out more about AppExchange Checkout here: http://www.salesforce.com/us/developer/docs/packagingGuide/Content/appexchange_checkout_using.htm

Learn more about Stripe on their website: https://stripe.com/

Reporting a Security Concern

If you have discovered a security issue or want to report a concern regarding the security of Taskfeed, please report this immediately to support@taskfeedapp.com.


