800-708-1790 experts@forcebrain.com

Security Policy

We take privacy and security seriously. We are happy to discuss any security questions in more detail and answer security questionnaires or perform security reviews with customers.  Please also see our Privacy Policy page.

Authentication

  • We never have access to Salesforce passwords.
  • We are able to install and setup in a sandbox/test environment or your production environment.

Encryption

  • Also self-scheduling data in transit is encrypted via SSL (Secure Socket Layer).

Data We Collect

  • Salesforce configuration information.
  • To purchase text message & phone reminders in the SUMO Scheduler App, we use the payment processor Authorize.NET for credit card payments.  When an Administrator enters their credit card information in our app, the information is sent directly to Authorize.NET.  Your credit card number is never sent to SUMO Scheduler servers.

Access to Systems

  • All interaction between SUMO Scheduler and third-party platforms (e.g. Salesforce, Twilio, Authorize.NET) occurs over a secure HTTPS connection.
  • We host our systems on industry-leading cloud infrastructure services including Salesforce.com.

Incident Response and Remediation

  • The Salesforce platform is monitored 24/7/365 with numerous security, performance measurement, and error-checking tools.
  • If an incident causes downtime, an update is posted on the Salesforce Trust Status Page or the Twilio Status Page.
  • Should a security incident occur, we will notify affected users of the nature and extent of the breach, and take steps to minimize any damage.  There have been no security incidents to date.

Data Confidentiality

  • SUMO Scheduler does not rent, sell, trade or disclose your Personal Information to third parties without your consent, except as specified in our Privacy Policy.
  • Access to customer data by SUMO Scheduler employees is limited based on the need to access such data (e.g. to resolve a customer support ticket).
  • When requested, we will destroy a user’s account, removing all customer data associated with that account.
  • SUMO Scheduler adheres to the permissions assigned to user profiles in the customer Salesforce org.

Vulnerability Management

  • We perform regular internal vulnerability scans of our applications using accredited industry standard tools including the BURP and ZAP scan.

Third-Party Security and Privacy Reviews