Data Protection Q&A

Joanna
Joanna
  • Updated

 

Q:Where do you store data? 

A: Zencity Engage uses a combination of Google Cloud and AWS to host its application and store client data.  An Canadian region of each is used for Canadian clients, an American region for each is used for American clients, and a UK region for each is used for UK-based clients. Each location is compliant with many access restriction and personal information standards, including ISO 27001, 27017 27018, SOC 1,2,3 and PIPEDA. (see https://cloud.google.com/security/compliance/#/)

 

Q: What is your encryption and data integrity?

A: All Zencity Engage data stored (personal or otherwise) is encrypted when stored in database tables, temporary files, and backups. using the 256-bit Advanced Encryption Standard (AES-256) or with symmetric keys.  Google encrypts and authenticates all data in transit at one or more network layers.

 

Q: What kind of authentication and access control procedures are in place for the platform?  

A: All administrative interfaces with access to create engagements and report on, export, and view their results require that the administrative user be authenticated. Only administrative users with the account 'owner' role have permission to create new users.

 

Q: What is the process and protection/security of data while it in transit?

A: All data served up from Zencity Engage to our clients or their community members is served up over HTTPS.

 

Q: What is the process and protection/security of data transfer from one place to another while it is stored on Zencity Engage servers? 

A: Communications between the database and application are made over a private network and encrypted TCP connection.

 

Q: What are your data leak prevention capabilities?

A: Data leaks are prevented through an architecture that only allows survey data to flow one direction - from a community member's machine to the server. No Zencity Engage engagement data provided by an anonymous user is ever sent back to any community member.  Only in compliance with GDPR legislation, when a user is logged in, can they access or request an export of data contributed by their own account when logged in.

 

Q: What third parties access Zencity Engage data, and how?

A: If a client makes use of Zencity Engage's threaded conversation functionality, anonymized comment data from each posting will through Google's Perspective API to score its toxicity level. No data is stored on Google's side.  Additionally, while all email subscription, name, and address  information for community members s is stored in your country's data centre, Zencity Engage sends emails themselves using the Mailgun API.

 

Q: What happens to client data at the end of a service agreement?

A: At the conclusion of a client’s contract, they have the right to request that their Engage instance be destroyed, and that the daily rotating database backups be destroyed as well.  Zencity Engage provides the capability for administrators to export raw submission data for any engagement activity that was run on the platform, at which point it is emailed to the authenticated user and becomes their responsibility.

 

 

Was this article helpful?

/

Comments

0 comments

Article is closed for comments.