Privacy and Security¶
This Privacy Policy (hereinafter – the “Policy”) describes how Avora Holdings LTD (“Revenue Grid”) collects, uses, processes, and discloses your information, including personal information, in connection with your access to and use of Revenue Grid services and products. When this Policy mentions “Revenue Grid”, “we”, “us”, or “our”, it refers to the “Avora Holdings LTD”.
Avora Holdings LTD complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s), as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (EU) and Switzerland to the United States.
Avora Holdings LTD has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of the Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit http://www.privacyshield.gov.
What this Policy covers¶
Your privacy is important to us, as well as being transparent about how we collect, process, use, and share information about you.
This Privacy Policy covers what information we collect about you when you use our websites, products, apps, software, unless a different policy is displayed. Avora Holdings LTD offers a wide range of products and in this Policy we refer to all of these products, along with our other services, apps, and websites as “Services”.
Product-specific privacy terms are described in the respective section of this Policy. This section describes how we process customer data in connection with our specific product or service.
What information we collect about you¶
We collect information about you when you provide it to us directly or via our partners, after you give your consent while using our Services or when other sources (Data Controllers) provide it to us.
Information you provide to us
We collect/process information about you when you enter it into the Services or otherwise provide it directly to us.
Account and Profile Information: We collect and store information about you when you register an account on products sign up, set your product preferences, or make purchases through the Services. For example, the contact information you provided.
The content you provide through our websites: The Services include the websites owned or operated by us. We collect content that you submit on these websites. For example, you provide content to us when you share your Services use feedback or when you get engaged with any interactive features, download marketing materials, take part in surveys, promotions, or online events.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with the Service. Whether you identify yourself as a technical contact, open a support ticket, speak to one of our representatives directly, or otherwise engage with our support and CSM teams, you will be asked to provide your contact information, a summary of the problem you are experiencing, and any other relevant documentation, screenshots or other details helpful for resolving the issue.
Information we collect automatically when you use the Services
We collect information about you when you use our Services, that includes browsing our websites and performing certain actions within the Services.
Your use of the Services: We keep track of certain information about you when you visit and interact with any of our Services. This information includes the features you use and how you interact with others using the Services.
Device and connection information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and the settings applied when you install, access, update, or use our Services. We also collect information from your device about your operating system, browser type, URLs of the referring/exit pages, device identifiers, and crash data, if relevant. We use your IP address and/or region preference in order to approximate your location to provide you with a better Service experience. The scope of collected information depends on the type and settings of the device you use to access the Services.
Cookies and other tracking technologies: Our website and Services may use cookies and other tracking technologies to provide their essential functionality or to recognize you across different Services and devices. Please, see our Cookie Policy for more information.
Information we receive from other sources
We receive information about you from other Service users, from third-party services, from our related companies, and from our business and channel partners.
Other users of the Services: Other users of our Services may provide information about you when they submit content through the Services. For example, you may be mentioned by your CRM administrator when submitting an issue to our technical support. We also receive your email address from other Service users when they provide it in order to invite you to the Services. Similarly, an administrator may provide your contact information when they designate you as the billing contact for your company’s account.
Other services you link to your account: We receive information about you when you or your administrator integrate or link a third-party service with our Services. For example, if you create an account or log into the Services using your credentials, we receive your name and email address as permitted by your System profile settings in order to authenticate you. You or your administrator may also integrate our Services with other services you use, to allow you to access, store, share and edit certain content from a third-party through our Services. Or you may authorize our Services to connect with a third-party calendaring service so that your meetings and connections are available to you through the Services. The information we receive when you link or integrate our Services with a third-party service depends on the settings, permissions and privacy policy controlled by that third-party service.
Our Partners: Some of our partners help us to market and promote our products, generate leads for us, and resell our products. We sometimes receive contact information, company name, what Our products you have purchased or may be interested in, evaluation information you have provided, what events you have attended, and what country you are in.
Other partners: We receive information about you and your activities on the Services from third-party partners, that provide us with information about your interest in and engagement with our Services.
Our Services are responsible for transferring data between systems using API technologies.
How we use information we collect¶
How we use information we collect depends on what Services you use, how you use them, and on any preferences you may have communicated to us. Below are specific purposes of using information about you.
- To provide the Services and personalize user experience: We use information about you to provide the Services to you, including to transactions processing, Services login authentication, customer support provision, and Services operation and maintenance. Our Services also include tailored features that personalize your experience and enhance your productivity with our apps.
- For research and development: We constantly look for ways to make our Services smarter, faster, and more secure, integrated, useful to you. We use collective anonymized findings about how people use our Services as well as the feedback provided directly to us to troubleshoot issues and to identify products usage trends, activity patterns, and the areas for Services integration enhancing and general improvement. In some cases we apply these findings across different Services to improve and develop similar features or to better integrate them with other Services you use.
- To communicate with you about the Services: We use your contact information to communicate with you via email and within the Services to confirm your purchases, send reminders about subscription expiration date, respond to your questions and requests, provide customer support, send out technical notices, updates, security alerts, administrative messages, and so on. We also provide tailored communications based on your activity and interactions with us. Besides that, we send you communications when you just start using to a particular Service to help you become more proficient with it.
- To market, promote, and drive engagement with the Services: We may use your contact information and the information about how you use the Services to send relevant promotional communication that may be of specific interest to you; that includes promotion emails and displaying targeted ads via other companies’ websites or apps, as well as via platforms like Facebook and Google. These communications include information about new features, survey requests, newsletters, and events that we think may be of interest to you and are aimed at boosting engagement and maximizing the Services’ value for you. We also notify customers about new products, offers, promotions, and contests. You can always opt out from our email newsletters. For the avoidance of doubt, this apply to the cases where we act as the data controller in relation to registered users of the Services. This subsection does not apply to the processing of customer data processed and synchronized by the Service.
- Customer support: We use your information to resolve technical issues you may encounter with the Services, to respond to your assistance requests, to analyze crash information, and to repair and improve the Services.
- With your consent: We may use information about you for a specific purpose not listed above if you have given us your consent to do so. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Notwithstanding anything to the contrary in this Privacy Policy, our use of data obtained via the Google Restricted Scopes (hereinafter “Google User Data”) is limited to providing or improving user-facing features that are prominent in the requesting Service’s user interface. We do not use Google User Data for other purposes. We do not use or transfer Google User data for serving ads, including retargeting, personalized, or interest-based advertising. App’s (Service’s) use of information received, and App’s (Service’s) transfer of information to any other app, from Google APIs will adhere to Google’s Limited Use Requirements. Please, see the relevant subsection Product-Specific Privacy Terms in this Privacy Policy.
Legal basis for processing (for EU and EEA users):
If you are an individual in the European Economic Area (EEA), we collect and process information about you only when we have legal basis for doing so under applicable EU laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only when we rely on one or more of the following grounds:
-
We need such information to provide the Services to you, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
-
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. When we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use. However, in some cases, this may mean that you will no longer use the Services.
How we share information we collect¶
We do not sell or trade your information with any third parties.
This section describes how we may share data collected by us for the defined purposes and in accordance with a legal basis for processing, as specified in this Privacy Policy.
Sharing with third parties
We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our services.
Service providers: We engage our contracted service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, and other services for us, which may require them to access or use information about you. If a service provider needs to access some information about you to perform relevant services on our behalf, they do so under strict instruction from us, including a set of Policies and Procedures implemented to protect your information.
Third party apps: You, your administrator, or other Services users may choose to add new functionality or change the behavior of the Services by installing third-party apps within the Services. Doing so may give these third-party apps access to your account and information about you, like your name and email address, and any content you choose to use in connection with those apps. We encourage you to review privacy policies of third parties before connecting to or using their applications or services, to learn more about their privacy and information handling practices. If you object to information about you being shared with these third parties, please uninstall the app.
Links to third party sites: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third party sites, your information is governed by privacy policies of these third party sites, and not by the present Policy. We encourage you to carefully read the privacy policy of any website you visit.
With your consent: We may share information about you with third parties when you have given us your consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name by a testimonial.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our Agreements, Policies and Terms of Service, (c) protect the security and integrity of our products and services, (d) protect Us, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
How we store and secure information we collect¶
Security and storage of information
We use data hosting service providers located in the United States and Europe to host the information we collect and process, and we use industry standard technical measures to secure your data.
We have taken steps to implement appropriate security, technical, and administrative measures to prevent unauthorized disclosure, use, or access to the information.
How long we keep information
We will keep the Personal information we collect about you only for as long as we need it for the purposes it was collected, or for the period of time as may be required by law.
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and for a reasonable period thereafter, in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services.
When we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Information you share on the Services: If your account is deactivated or disabled, some of your information and the content you have provided will remain.
Managed accounts: If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our Services, such as when you last opened an email from us or stopped using your account at Our Services. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
INTERNATIONAL TRANSFER OF INFORMATION¶
Your Personal Information may be processed by us in the United States, by our affiliates, and by our service providers including ones located in other countries, and as disclosed in the respective sections herein.
In case your Personal Information is transferred outside EEA to any countries that are not subject to an adequacy decision by the European Commission, we ensure that the recipient provides the necessary adequate level of protection, as required by the GDPR (article 46), for example by entering into standard contractual clauses approved by the European Commission, if applicable; or you will be asked to give a prior written consent for such international transfer of your personal data, if that is required by law.
Privacy Shield
We comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce (the “Privacy Shield”) regarding the collection, use and retention of personal information transferred from the European Union (EU) and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification, please visit http://www.privacyshield.gov.
The Privacy Shield Principles set forth our accountability for EU/Switzerland Personal Data that we receive under the Privacy Shield and subsequently transfer to a third party. As described in this Privacy Policy, we may use third parties to process data on our behalf. We remain liable if they do so in a manner inconsistent with the Privacy Shield Principles.
Should you have any Privacy Shield-related complaints about our collection or use of your personal information or any inquiries, please, contact Avora Holdings LTD at: [email protected]. We will respond within 45 days.
If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, you may contact your relevant Data Protection Authority using the information provided at https://ec.europa.eu/info/law/law-topic/data-protection_en and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC). Avora Holdings LTD commits to cooperate with the panel established by the EU DPAs and/or the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by the panel established by the EU DPAs and/or FDPIC with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and/or Switzerland.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration through the Privacy Shield Panel if neither we nor the panel established by the DPAs/FDPIC resolves your Privacy Shield complaint.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
We may be required to disclose personal information in response to lawful requests by public authorities, including to meet the national security or law enforcement requirements.
How to access and control your information¶
You have several choices available to you regarding access and control of your information that we collected. Below is a summary of these choices, the ways to exercise them, and possible limitations that might apply.
Your Choices:
You have the right to
- Obtain from us a confirmation as to whether any Personal information about you is being processed by us, and to request a copy of your information that we hold about you;
-To object to our use and processing of your information (including the use for marketing purposes);
- To request erasure, deletion, or restriction of your information;
-To request your information to be presented to you in a structured electronic format;
You also have the right to request the erasure or deletion of your Personal information and the right to restrict the processing of your information in certain cases;
-To request your information to be presented to you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller to the extent possible (the right to data portability);
-Withdraw your consent in the cases when processing of your Personal Information is based on your consent;
- The right to request rectification/correction of your Personal Information in cases where the processed Personal Information is inaccurate or out of date;
- To file a complaint with the appropriate data protection authority if you consider your rights have been violated.
Below, we describe the tools and processes for making these requests.
In case the Services are administered for you by an administrator from your organization, you may first need to contact your administrator to assist with your requests. In other occasions, you may contact us as provided in the Contact Us section below.
Your requests and choices may have some limitations in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have asked us to share data with third parties, for example, by installing third-party apps, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted.
If you have unresolved concerns, you may have the right to complain to a data protection authority in the country you reside, work, or in which you feel your rights were infringed.
Request to deactivate your account: If you wish to stop using our Services, please contact our Support team.
A Request to stop using your information: In some cases, you may ask us to stop accessing, storing, using, and otherwise processing your information where you believe we don’t have the appropriate rights to do so. In case you gave us the consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. You can also opt out of our using of your information for marketing purposes by contacting us. If you make such request, we may need some time to investigate and facilitate it. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your local administrator does not object (where applicable). If you object to information about you being shared with a third-party app, please disable the app or contact your local administrator to do so.
A Request to opt out of communications: You may opt out of receiving promotional communications from us by using the unsubscribe link included in each email. Even after you opt out from receiving promotional messages from us, you will continue to receive transaction messages from us regarding our Services. You can also opt out of some notification messages via your Service account settings.
You may exercise your rights by contacting us using the information in the “Contact Us” section below.
Product-specific Privacy Terms¶
This section provides information with regard to processing of data in connection with the use of our certain Services/Products by the customers/users. Hereinafter, “User Data” means information including personal information, that is processed by the Services as specified below in the respective subsections.
The servers deployed to power and facilitate our Services’ infrastructure are located in secure data centers. Specifically, we use industry standard Microsoft Azure cloud hosting services.
In order to provide technical support for our Services (exclusively for troubleshooting and incident resolution), we may provide access to telemetry and service logs data to our employees/contractors. All entitled individuals strictly adhere to our Privacy and Security policies and any such access is restricted to such specially trained individuals.
Revenue Grid
Our Revenue Grid solution is intended for outbound mailing and replies processing automation within sales and other kinds of email campaigns. Revenue Grid also bi-directionally synchronizes Lead statuses within Salesforce.
Revenue Grid processes and stores the following categories of User Data, including Personal Data:
- User Details: First name, Last name, title, phone, and email of Revenue Grid user to provide the possibility to send email to business contacts imported from Salesforce by the user’s request, and the IP address
- User Contacts details: business contacts may be imported from Salesforce or other sources. Contacts access is restricted according to defined User roles and visibility settings. Based on the data available in the data source, Revenue Grid may process and store the following contact details: First name, Last name, Email, Phone number, Company name, Title, Country, Address details
- Related emails (correspondence): emails sent from Revenue Grid, replies, and other correspondence, including Sent date, Subject, Recipients list, Email body
- Email Templates and Attachments: templates imported from Salesforce and files attached to business correspondence, for communication processing
Revenue Grid User data is stored throughout the Service subscription term and then for three calendar months after the end or expiration of the subscription. Three calendar months after the end/expiry of the subscription, all the User Data gets permanently deleted from our servers.
The User may permanently delete the persisted data including Personal Data of Revenue Grid emails recipients, using one of the following methods:
-
Manually: one recipient at a time or in a bulk manner. In this case Revenue Grid will purge the recipients’ details and all related data used in the system.
-
By request sent to our Customer support. In this case all recipients’ details and related data will be purged irrecoverably from the servers
Revenue Grid Service logs and telemetry data may be stored for three calendar months.
Email Opens And Link Clicks Tracking Feature
Our products include the Email Opens (“Magic Pixel”) and Link Clicks Tracking feature that allows users to track sent emails’ status (opened/not opened by a recipient) and clicking of links contained in emails’ bodies.
The user can disable or enable this feature in product Customization settings. If this feature is enabled, the following data categories get processed and stored by the Service:
- Public IP Addresses of the recipients who opened the email or clicked the links
-
Country/state (from the Public IP)
-
City (from the Public IP)
- Browser name / UserAgent
- Email Subject
- Recipients’ email addresses
The User may delete the User Data stored by the Services by submitting a respective request to our Customer Support.
Please note that when using the Email Opens and Link Clicks Tracking feature, customer/user (as the data Controller) needs to comply with the requirements of data protection laws, and some laws may require that the recipients have opted-in to the collection of the tracking data.
SAP Cloud for Customer Server-Side Integration for Groupware
Our Services may perform synchronization of business communication and CRM data between user’s CRM account and user’s mailbox over API technologies, including Google APIs, as specified below.
SAP Cloud for Customer Server-Side Integration for Groupware (hereinafter for the purposes of this subsection referred as the “Service”) performs specific data processing between SAP Cloud for Customer and the user’s mailbox (“User Data”) and provides a sidebar pane for Microsoft Outlook (as an add-in) or Gmail (as a Chrome browser extension) that allows to interactively view and modify CRM context associated with the currently selected email message or calendar item. The Service can access and process records of the following types: Calendar items, Tasks, Contacts, Email messages, and Attached files from the user’s mailbox, as well as various record types available in the CRM. Using the Service’s settings pages, the authorized Service user can define which record types to synchronize or access via the Service.
Any User Data including Personal Data is processed by the Service solely to provide the Service to the users. User Data is only passed through the Service, temporarily kept in memory of the Service for performing a specific operation (a records data synchronization session or user-initiated data access or update) and is not written to any persistent storage.
Additional Limits on Use of Google User Data
The App’s (Service’s) use of information received, and the App’s (Service’s) transfer of information to any other app from Google APIs will adhere to Google’s Limited Use Requirements.
Notwithstanding anything else in this Privacy Policy, our use of Google User Data (data obtained via the Google Restricted Scopes) is limited to providing or improving user-facing features that are prominent in the requesting Service’s user interface. We do not use Google User Data for other purposes. We do not use or transfer User Data for serving ads, including retargeting, personalized, or interest-based advertising.
We do not share Google User Data with other Service users or any third parties. We may transfer Google User Data to others exclusively as necessary:
-
to provide or improve user-facing features that are prominent in the requesting Service;
-
to comply with requirements of applicable law or
- as part of a merger, acquisition, or sale of assets with the notice to users. We will notify users of any such requirement should they arise.
We do not allow humans to read the Google User Data unless:
- we first obtained the user’s affirmative agreement for specific messages;
-
it is necessary for security purposes;
-
it is necessary to comply with applicable law; or
- our use of Google User Data is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
Organization’s administrators
If an end-user registers or accesses the Service using an email address with a domain that is owned by end-user’s employer or organization, and such organization wishes to establish an account on the site, the name of that end-user, email address of that end-user, and dates of past use of end-user account with the Service may become accessible to that organization’s administrators so they would be able to perform their functions as administrators and adjust and/or customize the Service for users.
Sub-Processors
In order to provide our Products and Services to customers and run our platform, we may use and engage sub-processors, including the affiliates of AVORA HOLDINGS LTD.
Notice to End Users
Many of our products are intended for use by organizations. This implies that the Services are made available to you through an organization (e.g. your employer), and the organization is the administrator of the Services and is responsible for the user accounts and/or Service sites over which it has control.
If this is the case, please direct your data privacy questions to your local administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may differ from this Policy.
The local administrators can:
- require you to reset your account password
- restrict, suspend, or terminate your access to the Services
- access information in and about your account
- access or retain information stored within your account
- install or uninstall third party apps or other integrations
In some cases, the administrators can also:
- restrict, suspend, or terminate your account access
- change the email address associated with your account
-
change your information, including profile information
-
restrict your ability to edit, restrict, modify, or delete information
Please contact your organization’s entitled specialists or refer to your administrator’s organizational policies for more information.
Our Policy towards children¶
The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.
Changes to our Privacy Policy¶
We may change this Privacy Policy from time to time. We will post any Privacy Policy changes on this page and; if significant, material changes are made, we will provide a more prominent notice by adding a notification on the Services’ home pages and login screens, or by sending you an email notification. We encourage you to review our Privacy Policy whenever you use the Services to stay informed about our information handling practices and the ways how you can help protect your privacy.
If you disagree with any changes made to this Privacy Policy, you will need to stop using the Services and deactivate your account(s), as outlined above.
Additional disclosures to California residents¶
We have collected the following statutory categories of Personal information in the past twelve months:
-
Identifiers (name, e-mail, phone number)
-
Commercial information
- Internet or network information
- Geo-location data (IP address)
- Payment information
The purposes for which we collect this information are described in the respective section of this Policy “How we use information we collect”. We do not trade or sell your personal information to any third parties. We may share or disclose the above information only in the ways that are described in the respective section in this Policy “How we share information we collect”, provided the involved parties have adopted the appropriate security and confidentiality measures.
Your Rights Under California Consumer Privacy Act of 2018
You have the right to request from us what information we have collected, used, and disclosed about you over the past twelve months.
You have the right to learn how we process your Personal Information.
You have the right to request from us the deletion of your Personal information collected and maintained by us.
You have the right not to be discriminated against while you exercise one of your privacy rights.
Please kindly note that some exceptions to your rights specified above may apply, as permitted by law.
You may designate your authorized agent to exercise the above rights on your behalf. If necessary, we may need to verify your identity by the appropriate method, or verify your authorized agent’s identity.
To exercise your rights, please contact us at the address provided in the section “Contact Us” of this Policy.
Data Privacy Policy¶
We take our customers’ data privacy and security very seriously. For this reason, we adhere to the following basic principles to protect customer data:
- We never share our customers’ personal or business data with third parties
-
Revenue Grid never stores any of your Salesforce or MS Exchange/Office 365/Gmail data, such as contacts, emails, calendar items, etc. The relevant data is only discreetly transferred through the cloud app, temporarily cached in secure MS Azure servers’ memory and is never written to any persistent storage nor transferred outside of the established secured infrastructure. Essential exceptions to this principle:
- What data is temporarily cached for logging purposes by RG Email Sidebar x: 1. identifiers and last modified dates of the records processed by RG sync; 2. the names of records with which the Sync engine had issues, solely to indicate them to the end users and Admins in sync error notifications; 3. RG Email Sidebar Meetings Scheduler temporarily keeps specified slots and spans to build selection tables for the recipients.
- Unlike RG Email Sidebar, Revenue Grid has to store specific customer and communication data which is required for performing its sales engagement and communication automation functions: the users’ email correspondence history and contacts imported from Salesforce are securely and discretely kept on Revenue Grid’s MS Azure servers.
- No automatic RG Email Sidebar customers opt-ins into Revenue Grid are performed; the customers must agree to the additional Revenue Grid Privacy Policy clauses before switching.
-
Any personally identifiable information which gets transferred through our servers is secured with industry standard protocols and encryption technologies; more on this below.
See also: RevenueGrid.com Privacy Policy.
Official certification and regular audit¶
⇛ SOC2 Type II certified: Security, Availability, Processing Integrity, Confidentiality, and Privacy Audit
⇛ Privacy shield certified
⇛ GDPR compliant
⇛ HIPAA Seal of Compliance verified
⇛ ISO-27001 (Information Security Management set) certified
⇛ A multisided solution security review carried out by NCC Group
⇛ Revenue Grid is a longstanding certified Microsoft Partner based on special competency requirements
⇛ All Revenue Grid components undergo regular penetration tests carried out by independent contractors
⇛ Revenue Grid technical support team ensures super-fast reaction to security cases as well other kinds of reports. See this article for more information
Confidentiality and Availability¶
We implemented appropriate technical, organizational, and administrative systems, policies, and procedures designed to ensure the security, integrity, and confidentiality of customer data and to mitigate the risk of unauthorized access to or use of customer content.
Unless other terms apply or agreed otherwise, with respect to subscription based SaaS Services, during the prepaid subscription Revenue Grid will use commercially reasonable efforts to make the SaaS Services available 24 hours per day, 7 (seven) days per week, except for planned maintenance and emergency downtime and any unavailability due to circumstances out of Revenue Grid’s control (including but not limited to customer’s misuse of the Services; failures of customer’s or its users’ internet connectivity; Internet or other network traffic problems etc.).
Security Policies¶
With over 13 years of experience of building and implementing successful enterprise solutions, we know very well that email correspondence and CRM data stand among the key assets of any modern business. For this reason handling all communications between your email and CRM systems and Revenue Grid with maximum security is our topmost priority.
We follow a multi-level layered approach, which is continuously updated with the latest technologies to ensure the highest level of security for our customers’ data, from complete physical security of Microsoft certified data centers we use to secured access authorization procedures for the end users (see below) and the latest encrypted data transfer protocols.
Application Design¶
RG Sync component, also used in Revenue Grid’s architecture, is built as a scalable customized Microsoft Azure service which supports geo-distributed data centers and provides the highest levels of availability and resilience; it matches Microsoft’s standards for secure applications.
The Sidebar widget component of Revenue Grid is a web rendition of an MS Outlook add-in verified by Microsoft that works directly with users’ email and CRM data, also displaying relevant information for the end users and conveying their inputs, actions, and choices to Revenue Grid, email server or Salesforce.
Service Authentication¶
All RG end users follow the most secure access authentication procedures:
-
Single Sign-On to access Salesforce and OAuth 2.0 for Office 365
-
Using OAuth 2.0 to grant MS Exchange data access, with optional fallback to login/password authentication for legacy MS Exchange servers
Granular Access Control¶
Our app’s access to user configurations and data is built on granular level, it is based on the concepts of Permissions, Roles, Principals, Resources and Authorizations:
- All data views, transfers, or other related actions are controlled by structured permission rules
- Combination of Permission sets into Roles allows to define allowed operations scopes very specifically
- In RG data access architecture, assigning of Principals, Roles for specific Resources access, results in granting of the minimum required permissions level for performing of very specific tasks
This access control policy covers all Revenue Grid users, including Invisible.io Admins: Sales, Support and Customer Success teams, to ensure that the customers’ data is accessible only by the entitled end users.
Data Protection¶
Revenue Grid ensures multi-level protection of sensitive data from accidental or malicious loss, whether in transit, at rest, or on the go. Among standard techniques, that includes:
- Access to Salesforce, Office 365, and Gmail data is performed through certified apps on respective services
- In-transit encryption: all data transfers between Salesforce/Microsoft Exchange or Google servers as well as user interactions with them via RG are encrypted with TLS protocol
- At rest encryption: all relevant configuration data is encrypted in rest state on physical storage database level
- Secrets handling: all used access secrets (tokens, passwords) are additionally encrypted on application level using keys transferred separately from the data. Furthermore, RG API connections are designed in such a way so access secrets never leave Revenue Grid perimeter
- Data backup and point-in-time restore: users’ and orgs’ configuration data is continuously backed-up automatically; it is kept as multiple copies, ensuring the possibility to do a point-in-time restore
- Data isolation: server-side synchronization of data of different RG users is logically and physically isolated, which guarantees that no data can be transferred or leak between the users, in any other ways but ones defined by Salesforce or Microsoft Exchange / Office 365 / Gmail
Infrastructure¶
- Data centers: Revenue Grid is hosted on Microsoft Azure data centers which ensure the highest security levels
- Security Updates: Revenue Grid is a managed cloud solution; that, regular besides updates of RG features, implies automatic front-end and back-end data security infrastructure updates
- Firewalls and network access: Revenue Grid uses Microsoft Azure’s capabilities to run its services in a secure virtual network with limited and strictly audited external access
- Networking: no server used by Revenue Grid for user data transfers or config keeping is accessible from outside the network. Any externally visible services operate behind a firewall and a load balancer within this virtual private network
Contact Us¶
If you have questions or concerns about how your information is handled, please direct your inquiry to Avora Holdings LTD at:
Avora Holdings LTD. 950 East Paces Ferry Road, N.E., Suite 2150 Salesforce Tower, Atlanta, GA 30326
Company Communications; 13110 NE 177th Place, Suite 135 Woodinville, WA 98072.
E-Mail: privacy@revenuegrid.com
Phone number: +1 866 684 9276
We would love to hear from you!