Legal Center

Data & Security Policy

This agreement is executed to cover any services, such as implementation or professional services.

Your data’s security and privacy are our top priority. We’re committed to robust privacy and security practices. Have questions? We’re happy to discuss them in detail and assist you with completing security questionnaires – all to ensure your complete peace of mind.

Authentication

  • We never have access to Salesforce passwords.
  • We are only able to install and setup in a sandbox/test environment or your production environment, when you provide us this temporary access and you always control what level of access we have to your test or production environments. If you so choose, you may only give us access to your test environments and not your production environment.

Encryption

Also self-scheduling data in transit is encrypted via SSL (Secure Socket Layer).

Data We Collect

  • Salesforce configuration information.
  • To purchase text message & phone reminders in the SUMO Scheduler App, we use the payment processor Authorize.NET for credit card payments. When an Administrator enters their credit card information in our app, the information is sent directly to Authorize.NET. Your credit card number is never sent to SUMO Scheduler servers. Although it is highly secure, you may also choose to not purchase reminders through our application if you prefer and you may contact us directly instead.

Access to Systems

  • All interaction between SUMO Scheduler and third-party platforms (e.g. Salesforce, Twilio, Authorize.NET) occurs over a secure HTTPS connection.
  • We host our systems on industry-leading cloud infrastructure services including Salesforce.com.

Incident Response and Remediation

  • The Salesforce platform is monitored 24/7/365 with numerous security, performance measurement, and error-checking tools.
  • If an incident causes downtime, an update is posted on the Salesforce Trust Status Page or the Twilio Status Page.
  • Should a security incident occur, we will notify affected users of the nature and extent of the breach, and take steps to minimize any damage. There have been no security incidents to date.

Data Confidentiality

  • SUMO Scheduler does not rent, sell, trade or disclose your Personal Information to third parties without your consent, except as specified in our Privacy Policy.
  • Access to customer data by SUMO Scheduler employees is limited based on the need to access such data (e.g. to resolve a customer support ticket).
  • When requested, we will destroy a user’s account, removing all customer data associated with that account.
  • SUMO Scheduler adheres to the permissions assigned to user profiles in the customer Salesforce org.

Vulnerability Management

We perform regular internal vulnerability scans of our applications using accredited industry standard tools including the BURP and ZAP scan.

Third-Party Security and Privacy Reviews

We passed the Salesforce Security Review starting in December 2011 and we are listed on the Salesforce AppExchange.