1. INTRODUCTION TO OUR DATA SECURITYAt Datasmash our top priority is to ensure the security and confidentiality of our customer’s data. This Data Security description is explaining our processes around data security and confidentiality.
2. DESCRIPTION OF THE DATASMASH SERVICES The Datasmash platform collects and processes customer data, product data, sales data and support data provided by its customers. Examples of data sources could be HubSpot, Salesforce, Mixpanel, Amplitude, Stripe, Chartmogul, Microsoft, Totango, Zendesk, Intercom or any other tool in the customer's tech stack where relevant customer data is tracked. Datasmash only handles a copy of existing customer data, shared via email or in Google Drive. Datasmash stores a copy of this data in Google Drive to provide the Datasmash service with customer insights, actions and reporting functionalities.
3. DATA OWNERSHIP Datasmash customers always maintain full ownership of the data collected by Datasmash on their behalf. Customers can always completely and permanently delete all data collected from one-, multiple- or all data sources upon request or by termination of the Datasmash subscription.
4. DATA COLLECTION AND TRANSFER All data is collected by Datasmash via email or in Google Drive, subject to the customers preference.
5. BACKUP AND ARCHIVINGDatasmash keeps a backup of all customer and business data shared. All collected data is stored only to provide the service of Datasmash. The reporting data collected by Datasmash is stored only for processing purposes and the original data always stays with the original provider.
6. INFRASTRUCTURE AND SOFTWARE The physical infrastructure for Datasmash is provided by Google Drive. Datasmash is a Google workspace Enterprise customer which comes with enterprise-grade security & management and the the most advanced security and compliance offered by Google.
7. INFORMATION HANDLING AND CLASSIFICATIONAll Datasmash information is classified and handled according to Datasmash’s internal classification and handling policy.
7.1 HUMAN RESOURCE SECURITYProcesses for both on- and off-boarding of employees are in place. All Datasmash employees are subject to background checks and are required to sign a confidentiality agreement before starting employment.If a Datasmash employee ends its employment an off-boarding process is started. The former employee shall 1) return all equipment 2) All access tokens and accounts relating to the former employee are terminated and the information is secured etc.
7.2 PASSWORDS AND ACCESSES Access to Datasmash’s systems are restricted to only authorised users or processes, based on the principle of strict need to know and least privilege.All Datasmash employees must use a separate, unique password for each of their work related accounts. Passwords must not be shared with anyone, including managers and coworkers.All passwords are treated as sensitive, confidential Datasmash information.