Data Protection Q&A

Q: How do you separate my data from other customers' data? 

A: Each Pro Zencity Engage client receives its own database instance, walling-off personal information of one Zencity Engage client from any other Zencity Engage client.  Lite client data is name-spaced to keep it separate from other clients on the same database instance.  No database contains rows mixed with other client's data.

Q:Where do you store data? 

A: Zencity Engage uses the Google Cloud Montreal region to host its application and store all client data for Canadian clients, the Google Cloud North Virginia region for American clients, and the Google Cloud London Region for UK-based clients. Each location is compliant with many access restriction and personal information standards, including ISO 27001, 27017 27018, SOC 1,2,3 and PIPEDA. (see https://cloud.google.com/security/compliance/#/)

Q: What is your encryption and data integrity?

A: All Zencity Engage data stored (personal or otherwise) is encrypted when stored in database tables, temporary files, and backups. using the 256-bit Advanced Encryption Standard (AES-256) or with symmetric keys.  Google encrypts and authenticates all data in transit at one or more network layers.

Q: What kind of authentication and access control procedures are in place for the platform?  

A: All administrative interfaces with access to create engagements and report on, export, and view their results require that the administrative user be authenticated. Only administrative users with the account 'owner' role have permission to create new users.

Q: What is the process and protection/security of data while it in transit?

A: All data served up from Zencity Engage to our clients or their community members is served up over HTTPS.

Q: What is the process and protection/security of data transfer from one place to another while it is stored on Zencity Engage servers? 

A: Communications between the database and application are made over a private network and encrypted TCP connection.

Q: What are your data leak prevention capabilities?

A: Data leaks are prevented through an architecture that only allows survey data to flow one direction - from a community member's machine to the server. No Zencity Engage engagement data provided by an anonymous user is ever sent back to any community member.  Only in compliance with GDPR legislation, when a user is logged in, can they access or request an export of data contributed by their own account when logged in.

Q: What third parties access Zencity Engage data, and how?

A: If a client makes use of Zencity Engage's threaded conversation functionality, anonymized comment data from each posting will through Google's Perspective API to score its toxicity level. No data is stored on Google's side.  Additionally, while all email subscription, name, and address  information for community members s is stored in your country's data centre, Zencity Engage sends emails themselves using the Mailgun API.

Q: What happens to client data at the end of a service agreement?

A: At the conclusion of a client’s contract, they have the right to request that their instance be destroyed, and that the 7 days of daily rotating database backups be destroyed as well. A data backup or export may be provided to the client, if requested. Zencity Engage provides the capability for administrators to export data, at which point it is emailed to the authenticated user and becomes their responsibility. When data is retired from Google’s systems, hard disks containing customer information are subjected to a data destruction process before leaving Google’s premises. First, disks are logically wiped by authorized individuals using a process approved by the Google Security Team. Then, another authorized individual performs a second inspection to confirm that the disk has been successfully wiped. These erase results are logged by the drive’s serial number for tracking. Finally, the erased drive is released to inventory for reuse and redeployment. If the drive cannot be erased due to hardware failure, it is securely stored until it can be physically destroyed. Each facility is audited on a weekly basis to monitor compliance with the disk erase policy.