Data & Security Policy
We take privacy and security seriously. We are happy to discuss any security questions in more detail and answer security questionnaires or perform security reviews with customers. Please also see our Trust Center and Legal Center.
- We never have access to Salesforce passwords.
- We are only able to install and setup in a sandbox/test environment or your production environment, when you provide us this temporary access and you always control what level of access we have to your test or production environments. If you so choose, you may only give us access to your test environments and not your production environment.
- Also self-scheduling data in transit is encrypted via SSL (Secure Socket Layer).
Data We Collect
- Salesforce configuration information.
- To purchase text message & phone reminders in the SUMO Scheduler App, we use the payment processor Authorize.NET for credit card payments. When an Administrator enters their credit card information in our app, the information is sent directly to Authorize.NET. Your credit card number is never sent to SUMO Scheduler servers. Although it is highly secure, you may also choose to not purchase reminders through our application if you prefer and you may contact us directly instead.
Access to Systems
- All interaction between SUMO Scheduler and third-party platforms (e.g. Salesforce, Twilio, Authorize.NET) occurs over a secure HTTPS connection.
- We host our systems on industry-leading cloud infrastructure services including Salesforce.com.
Incident Response and Remediation
- The Salesforce platform is monitored 24/7/365 with numerous security, performance measurement, and error-checking tools.
- If an incident causes downtime, an update is posted on the Salesforce Trust Status Page or the Twilio Status Page.
- Should a security incident occur, we will notify affected users of the nature and extent of the breach, and take steps to minimize any damage. There have been no security incidents to date.
- Access to customer data by SUMO Scheduler employees is limited based on the need to access such data (e.g. to resolve a customer support ticket).
- When requested, we will destroy a user’s account, removing all customer data associated with that account.
- SUMO Scheduler adheres to the permissions assigned to user profiles in the customer Salesforce org.
- We perform regular internal vulnerability scans of our applications using accredited industry standard tools including the BURP and ZAP scan.
Third-Party Security and Privacy Reviews