At atSpoke, we’re committed to delivering forward-thinking technology while honoring the responsibility to safeguard the data customers share with us. We have taken a multi-tiered security approach in the design of our application and maintain that standard through secure development practices combined with a number of third-party assessments. Our focus remains on releasing product features that empower workplaces without sacrificing security.
We know that entrusting us with your internal corporate data is an important decision. Therefore, we have taken numerous steps to create a strong security program to provide you the reassurance you need. We ensure that each customer’s data is kept safe and separate from other customers’ data, and we apply the same principles of limited access to our own staff’s capabilities. atSpoke doesn’t view your data unless you’re aware, and we will never create any sort of meta-reporting that can be resold later. Our business is laser-focused on delivering the value we promise, and nothing else.
People, process and technology are all considerations in how we approach information security and data privacy. To validate the effectiveness of our internal security controls, we engaged an independent auditor to assess our compliance with a framework which is specifically designed for software-as-a-service (SaaS) providers.
atSpoke currently holds a report on compliance for the SOC 2 SSAE 18 standard which outlines our philosophy and approach for information security management, risk assessment, board oversight, and third-party risks, among other principles.
All customer payments accepted by atSpoke via credit card are processed in compliance with the current Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is designed to ensure that any merchant accepting credit card payments implements appropriate protective measures to protect cardholder data from theft or fraudulent use. At a high level, to comply with the standard, we continue to:
At atSpoke, we have selected the secure payment technology company Stripe for our credit card processing needs. Using Stripe, no cardholder data is ever stored or processed on atSpoke’s servers. For PCI Compliance, all atSpoke payment data and transaction processing is delegated to Stripe. Stripe is certified to the highest industry standards, including PCI DSS Level 1 certification and various rigorous standards across the globe.
We complement our own compliance achievements by hosting our services in Google Cloud Platform, which is a state-of-the-art data center utilizing innovative architectural and modern engineering approaches. Google’s data centers have been validated for compliance against a number of strict standards, regulations and assorted frameworks. To learn more about Google’s Trust and Compliance, see: https://cloud.google.com/security/compliance/#/.
For inquiries regarding our information security practices at atSpoke, or to provide feedback or suggestions to our team, please email us at firstname.lastname@example.org. To report an identified security vulnerability in our application, please email us at email@example.com.
The EU General Data Protection Regulation (GDPR) is a new comprehensive EU data privacy law which took effect on May 25, 2018.
Under GDPR, atSpoke is a data processor; therefore, we provide support to data controllers in order to enable them to fulfill their obligations under GDPR, and will refer any direct inquiry from consumers and end-users to the respective data controller for handling.
At atSpoke, we have taken various steps to give customers assurance that the use of atSpoke’s products and services is consistent with the GDPR:
Subprocessors: atSpoke uses third-party services for business & operational efficiency. These subprocessors have limited access to requisite customer data in order to provide specific functionality within our service. We establish data protection agreements that require third-party services to adhere to confidentiality and privacy commitments that we have made to our customers. atSpoke uses the following subprocessors:
| Subprocessor | Function |
|---|---|
| Google, Inc. | Cloud Service Provider |
| MongoDB, Inc. | Cloud-based Hosted Database |
| Mailgun Technologies, Inc. | Cloud-based Email Service Provider |
| Intercom, Inc. | Cloud-based Customer Support Services |
| Stripe, Inc. | Cloud-based Payment Processor |
| Fullstory, Inc. | Cloud-based User Behaviour Analytics Services |
| Salesforce, Inc. | Cloud-based Customer Relationship Management |
| Twilio, Inc. | Cloud-based SMS Services |
| Mixpanel, Inc. | Cloud-based Analytics Services |
| Cloudinary, Inc. | Cloud-based File Storage Services |
| Elasticsearch, Inc. | Cloud-based Logging Services |
| Stitch, Inc. | Cloud-based Analytics Pipeline Services |
| Mode Analytics, Inc. | Cloud-based Analytics Services |
| DataDog | Cloud-based Logging Services |
We will update this page periodically to reflect current information regarding subprocessing associated with the atSpoke service. Prior to any changes to subprocessor relationships, we will provide notification to customers of any proposed updates in accordance with our contractual or legal obligations.
If you would like to request a copy of our Data Protection Agreement or if you have any other privacy-related questions, please email us at firstname.lastname@example.org.
Effective: August 1, 2019