Client Data Usage and Security
1. Does your application support single sign-on (e.g. OAuth, SAML 2.0)?
We use Auth0 as our authentication layer; however, Google OAuth is the only SSO method we currently support. Our roadmap includes support for additional SSO solutions, including SAML, and these will be prioritized in future engineering sprints based on client demand.
2. Is client data encrypted in storage and in transit? If so, what encryption/hashing methodologies are used? How is access to cryptographic keys administered and controlled?
We encrypt all data at rest and in transit. Data is stored in AWS RDS and encrypted with custom keys from AWS KMS. All database connections use SSL. HSTS is used to ensure browsers always encrypt all communication.
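The HSTS header mentioned above only forces browsers onto HTTPS if it is well-formed and carries a long enough max-age. The following is an added example, not Crossbeam's code, of the check a reviewer would run against a server's Strict-Transport-Security value; the header strings it is tested with are constructed, and the one-year minimum is a common baseline rather than something the answer above states.

```python
"""Parse and validate a Strict-Transport-Security (HSTS) header value.

Added example (not Crossbeam's code). Follows the directive syntax of
RFC 6797: directives are separated by ';', names are case-insensitive,
max-age is required, and a duplicated directive makes the header invalid.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One year is the usual minimum for a production HSTS policy (assumption,
# not a figure from the questionnaire above).
MIN_MAX_AGE = 31536000


@dataclass
class HstsResult:
    valid: bool
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    errors: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def parse_hsts(header_value: Optional[str]) -> HstsResult:
    """Return the parsed policy plus any errors (policy unusable) or
    warnings (policy works but something is odd)."""
    errors: List[str] = []
    warnings: List[str] = []
    if header_value is None:
        return HstsResult(False, None, False, False, ["header missing"], [])

    max_age: Optional[int] = None
    include_subdomains = False
    preload = False
    seen = set()

    for raw in header_value.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name in seen:
            errors.append(f"duplicate directive: {name}")
        seen.add(name)

        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                errors.append("max-age is not a non-negative integer")
            else:
                max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        else:
            # RFC 6797 says unknown directives are ignored; surface them anyway.
            warnings.append(f"unknown directive ignored: {name}")

    if max_age is None:
        errors.append("max-age missing")
    elif max_age < MIN_MAX_AGE:
        errors.append(f"max-age {max_age} is below {MIN_MAX_AGE} seconds")
    if preload and not include_subdomains:
        # The browser preload list requires includeSubDomains alongside preload.
        errors.append("preload requires includeSubDomains")

    return HstsResult(not errors, max_age, include_subdomains, preload, errors, warnings)


if __name__ == "__main__":
    # Constructed sample header values, not captured from any real host.
    for sample in ["max-age=63072000; includeSubDomains; preload",
                   "max-age=0",
                   "max-age=31536000; preload"]:
        print(sample, "->", parse_hsts(sample))
```

Run it against the header a real deployment returns (for example the value from `curl -sI https://example.invalid | grep -i strict-transport-security`) to confirm the policy is both present and long-lived.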
3. Explain how your service provides data backups in a secure fashion.
Data backups are provided via Amazon's Relational Database Service (RDS). The snapshots are encrypted using their Key Management Service (KMS).
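The two answers above describe RDS storage and snapshots encrypted under customer-managed KMS keys. What a client-side reviewer usually wants is a way to confirm that claim from the AWS API rather than from the questionnaire. The following is an added example, not Crossbeam's tooling: it evaluates records shaped like boto3's `rds.describe_db_instances`, `rds.describe_db_snapshots` and `kms.describe_key` responses and reports any instance or snapshot that is unencrypted, encrypted under an AWS-managed rather than customer-managed key, or has automated backups turned off. The records and key ARNs below are constructed so the check runs offline.

```python
"""Audit RDS instances and snapshots for encryption with customer-managed KMS keys.

Added example, not Crossbeam's code. Input dicts use the field names boto3
returns (DBInstanceIdentifier, StorageEncrypted, KmsKeyId, BackupRetentionPeriod,
DBSnapshotIdentifier, Encrypted, and KeyMetadata.KeyManager), but every
record here is constructed sample data.
"""
from typing import Dict, List, Optional

# Constructed key ARNs (placeholder account id and key ids).
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000001"
AWS_MANAGED_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000002"

# Stand-in for the KeyMetadata returned by kms.describe_key() for each key.
SAMPLE_KEYS: Dict[str, Dict] = {
    CMK_ARN: {"KeyManager": "CUSTOMER", "KeyState": "Enabled"},
    AWS_MANAGED_ARN: {"KeyManager": "AWS", "KeyState": "Enabled"},
}

SAMPLE_INSTANCES: List[Dict] = [
    {"DBInstanceIdentifier": "prod-db", "StorageEncrypted": True,
     "KmsKeyId": CMK_ARN, "BackupRetentionPeriod": 7},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": True,
     "KmsKeyId": AWS_MANAGED_ARN, "BackupRetentionPeriod": 0},
    {"DBInstanceIdentifier": "scratch-db", "StorageEncrypted": False,
     "BackupRetentionPeriod": 1},
]

SAMPLE_SNAPSHOTS: List[Dict] = [
    {"DBSnapshotIdentifier": "prod-db-2024-01-01", "Encrypted": True, "KmsKeyId": CMK_ARN},
    {"DBSnapshotIdentifier": "scratch-db-manual", "Encrypted": False},
]


def key_manager(key_arn: Optional[str], key_metadata: Dict[str, Dict]) -> str:
    """Return KeyManager ('CUSTOMER' or 'AWS') for a key ARN, or 'UNKNOWN'."""
    meta = key_metadata.get(key_arn or "")
    return meta["KeyManager"] if meta else "UNKNOWN"


def audit_rds(instances: List[Dict], snapshots: List[Dict],
              key_metadata: Dict[str, Dict]) -> List[str]:
    """Return one finding string per control failure; empty list means compliant."""
    findings: List[str] = []
    for inst in instances:
        ident = inst["DBInstanceIdentifier"]
        if not inst.get("StorageEncrypted"):
            findings.append(f"{ident}: storage is not encrypted")
        elif key_manager(inst.get("KmsKeyId"), key_metadata) != "CUSTOMER":
            findings.append(f"{ident}: storage key is not a customer-managed KMS key")
        # A retention period of 0 disables automated backups entirely.
        if inst.get("BackupRetentionPeriod", 0) < 1:
            findings.append(f"{ident}: automated backups are disabled")
    for snap in snapshots:
        ident = snap["DBSnapshotIdentifier"]
        if not snap.get("Encrypted"):
            findings.append(f"{ident}: snapshot is not encrypted")
        elif key_manager(snap.get("KmsKeyId"), key_metadata) != "CUSTOMER":
            findings.append(f"{ident}: snapshot key is not a customer-managed KMS key")
    return findings


if __name__ == "__main__":
    for line in audit_rds(SAMPLE_INSTANCES, SAMPLE_SNAPSHOTS, SAMPLE_KEYS):
        print(line)
```

Against a live account the three sample structures would be replaced by the paginated results of the corresponding boto3 calls; the audit logic itself does not change. An empty result is the evidence to attach to the questionnaire answer.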
4. What removable media (including backup tapes, USB thumb drives, etc.) are used to store client information?
No media are used to store this information.
5. Are security logs or reports created and reviewed to identify use or attempted use, and modification or attempted modification of critical systems components?
We have implemented a central logging server, and are working with a third-party security firm to begin implementing log review systems for monitoring unauthorized access to systems.
6. What kinds of data will Crossbeam have access to?
The data stored are names and contact information for the companies in the client's customer base and sales pipeline, and names and contact information for the people at those companies who use the client's product or are involved in the buying process. The decision on which information is imported into the system is determined and managed by the client via the Crossbeam platform.
7. Will any EU resident "personal data" (GDPR) be processed or stored by Crossbeam?
Yes. Crossbeam offers a Data Processing Addendum ("DPA") that sets out the basis on which Crossbeam processes Customer Personal Data.
8. Is Crossbeam certified under the EU-US Privacy Shield?
Yes, Crossbeam is certified under the EU-US Privacy Shield. View the certification here: https://www.privacyshield.gov/participant?id=a2zt00000008W76AAE&status=Active
9. Do you guarantee deletion of data if we were to terminate services, and on what timeline?
Yes, within 2 weeks.