Taskfeed Security, Privacy and Architecture Overview
Security, Privacy and Architecture
We would like to make two things clear. First, we respect your privacy and make significant efforts to protect all your data. Second, we would never do anything with your data that we wouldn’t be proud to tell the world about.
We are responsible for ensuring the privacy, confidentiality, integrity, and availability of data in our trust. This responsibility extends to customer data processed by our products and stored on our systems. We have an obligation to provide appropriate protection against threats and to provide a level of service to our customers.
This document outlines the controls (both technical and organisational) we have put in place for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data.
As you continue to learn more about Taskfeed we recommend you also review our Terms of Service and Privacy Policy.
Information Security
We have implemented an information security management system based on ISO 27001:2013. This management system encompasses numerous policies covering the use of vendors and third-party services, passwords, secure engineering, clear desks and screens, and acceptable use. You may request a copy of our policy by contacting support@taskfeedapp.com.
Our access to your data
None of the data submitted to Taskfeed, including Boards, Tasks or customer information from your CRM, is shared with us. This information resides within your Salesforce instance, which is inaccessible to us by default. This is something rather unique about how we operate. Because our access to your Salesforce environment, including configuration and data, is unavailable by default, we have no means of accessing your data unless access is expressly granted.
We will collect personal data relating to Users for the provision of support and for the purpose of product analytics. If you provide your customers, partners or any third party access to Taskfeed through Salesforce Communities, then we will treat those individuals as Users and collect data for them also.
In the course of providing support it may be necessary to temporarily grant access to your Salesforce environment. Temporary access is possible through a Salesforce feature called “Grant Login Access”. This mechanism provides auditable, time-restricted access to your environment. Only specific members of the team with sufficient training are permitted to log in to your environment using this method. We will always request login access along with a reason why access is required, how long access is required, and an outline of any actions we will perform with the access. Use of “Grant Login Access” is at the discretion of the subscriber and end user. However, not adopting this feature will likely increase the time to troubleshoot and resolve issues.
More about “Grant Login Access” can be found here: https://help.salesforce.com/apex/HTViewHelpDoc?id=granting_login_access.htm
Infrastructure
All of our product services are run in the cloud. Tapply does not run our own routers, load balancers, DNS servers, or physical servers. The vast majority of our services and data are hosted by Salesforce.
Application Architecture
Taskfeed runs on Salesforce, so our customers benefit from all the innovation and security of the Salesforce platform. This means all logic and code is processed either by Salesforce or within your browser.
Application Security
Salesforce has security built into every layer of the Platform.
The infrastructure layer comes with replication, backup, and disaster recovery planning. Network services have encryption in transit and advanced threat detection. Salesforce application services implement identity, authentication, and user permissions. Salesforce also offers an additional layer of trust with Salesforce Shield, including Platform Encryption, Event Monitoring, and Field Audit Trail.
Taskfeed leverages Salesforce Platform security features where appropriate.
Salesforce AppExchange Security Review
Taskfeed is enrolled in the ISVForce Partner Program (AppExchange) and, as part of this program, undergoes a mandatory periodic security review. The Security Review has been developed to assess the security of partner offerings and to ensure that applications published on the AppExchange follow industry best practices for security.
Personal Data
Nature and Purpose of Processing
Through the use of Taskfeed and other services we provide, we will process your employees’ personal data and potentially your customers’ personal data residing in Salesforce. The Taskfeed application may use data available within your Salesforce environment, including employee, customer, prospect or partner personal data, to fulfill the objectives of its purpose, as further specified in the Documentation, and as further instructed by the Customer in its use of the Services. This processing all happens within your own Salesforce environment as described in the “Our access to your data” section above.
Known examples where Personal Data may be processed by the service are:
Displaying Users and Contacts related to Boards and Tasks and other items
Sending notification messages to Users and Contacts
Displaying related User or Contact data within the application
We will additionally collect personal data relating to Users for the provision of support and for the purpose of product analytics. If you provide your customers, partners or any third party access to Taskfeed through Salesforce Communities, then we will treat those individuals as Users and collect data for them also. Individuals accessing Taskfeed as Guests through the External Sharing feature are anonymous. Personal data will not be collected about these users; however, anonymous product usage information may be collected.
Duration of Processing
We will Process Personal Data that is provided to the application within Salesforce for as long as the application is used in relation to that Personal Data in Salesforce. This could be while there are Taskfeed records related to Salesforce Accounts, Contacts or other records holding personal data.
Personal data shared with us for the purpose of application analytics and support may be accessed and processed beyond the scope of any agreement.
Categories of Data Subjects
Customer may submit Personal Data, the extent of which is determined and controlled by Customer, and which may include, but is not limited to, Personal Data relating to the following categories of data subjects:
Prospects, customers, business partners and vendors of Customer (who are natural persons)
Employees or contact persons of Customer’s prospects, customers, business partners and vendors
Employees, agents, advisors, freelancers of Customer (who are natural persons)
Customer’s Users authorized by Customer to use the Services
Type of Personal Data
The following categories of Personal Data will be collected and shared with Tapply and our sub-processors through interaction with Taskfeed as a User:
Salesforce User ID
First and Last name
Username
Job Title
Position
Employer
Contact information (company, email, phone, physical business address)
Geo-location
Right to Be Forgotten
You may need to delete customer data in order to comply with data protection and privacy regulations. The Salesforce Platform offers a rich set of features to help you meet your obligations under the GDPR. Salesforce allows customers to delete personal data at both an organizational level and an individual level. Deletions of Salesforce instances (orgs) are synced regularly.
https://help.salesforce.com/articleView?id=data_deletion_platform.htm&type=5
Consent
The Salesforce Platform helps you comply with data protection and privacy regulations with out-of-the-box support for indicating do not call, email opt-out, and fax opt-out preferences. The Salesforce Platform also now includes an Individual Object for tracking privacy preferences across multiple roles in your organization, which can relate to one or many Contacts, Leads, Person Accounts, and custom object records. Taskfeed supports these options or provides additional controls to manage consent when sending notifications to Users or Customers.
Restriction of Processing
On the Salesforce Platform, records can be identified, exported, and deleted upon receiving a verified request to restrict processing. If the restriction is lifted at a later date, the records can be re-imported.
https://help.salesforce.com/articleView?id=restriction_of_processing_platform.htm&type=5
Data Portability
You can use the Salesforce Platform to help you honor your customers’ requests to export their data. Data can be extracted via both UI-driven as well as API-driven methods, including reports and report/dashboard APIs, data loader, Apex, SOAP and REST APIs, and third-party ETL tools. Export formats include CSV, JSON, and XML.
Accountability/Transparency
Both we and Salesforce offer customers a robust data processing addendum containing strong privacy commitments. This addendum also contains specific provisions to assist you in your compliance with the GDPR.
Sub-processors
To provide quality of service, Taskfeed uses additional cloud-based applications and services. These are designated as sub-processors.
Intercom
Used for application usage monitoring and customer support. When a Visualforce page is loaded, a JavaScript file is loaded from the Intercom domain, registering usage information along with the following Personal Data:
Salesforce User ID
First and Last name
Username
Job Title
Position
Employer
Contact information (company, email, phone, physical business address)
Location
The data Intercom provides Taskfeed is used for usage monitoring of products and features.
Stripe
Stripe is not part of the Taskfeed app but is used for managing credit card subscriptions to the App. Stripe is provided through an integration with Salesforce and the AppExchange called “Salesforce Checkout”. Stripe manages the subscription payment process.
Find out more about AppExchange Checkout here: http://www.salesforce.com/us/developer/docs/packagingGuide/Content/appexchange_checkout_using.htm
Learn more about Stripe on their website: https://stripe.com/
Reporting a Security Concern
If you have discovered a security issue or want to report a concern regarding the security of Taskfeed, please report this immediately to support@taskfeedapp.com.