Bellow you will find security related Frequently Asked Questions:
Q: Where, in geographic locations, is the data stored and replicated (including backups and transmitted)?
A: All of our data is kept in the USA using different redundant storage solutions.
Q: How are multiple tenants' (i.e. customers) information segregated on shared platforms / storage?
A: Our Customer's data is stored securely and is accessible only by it's owners. We've built our own hosting environment and we do not use shared storage
Q: Do you adhere to any international best practice standards (ISO 27001 or similar)?
A: We do keep up with the latest international development best practices. All of the stuff we are doing is really innovative and it has not yet been formally standardized. We have amazing tech advisors, that are helping us select the best solutions incorporating security, performance and user experience. However, we do not implement standards like ISO27001.
Q: In the event that the information is required to be exported or transferred to a new provider or vendor – can Future Simple ensure interoperability with other providers or the ability to obtain all information in an intelligible format?
A: We do export data for our customers to cvs files which is considered as a intelligible format. Exported data is divided by object type (Lead, Contact, Deal, Note, Reminder) into tables.
Q: Is information backup / data retention covered in the SLA / End User Agreement (i.e. how long will you retain this information for)?
A: Upon account cancelation request data is instantly deleted from the production environment. Backup data is stored for a long period of time, although in case of loading the backup to the production environment, data of the deleted accounts would be immediately erased.
Q: Does Future Simple possess the ability to decrypt information in the event of an investigation or by request with or without the permission of the client?
Q: In the event of an investigation, breach or information disclosure – is Future Simple obliged to report this proactively to the client?
A: We are not obligated to report to the client. Although, we are going to do that.
Q: What levels of assurance or verification will Future Simple provide to ensure their technical levels are security are proactively monitored (at set intervals, and on an ad-hoc basis) - i.e. what levels of reporting will be available?
A: We do take full responsibility for our products and how they work. We do not want our clients to worry about such stuff, thus we do not provide any reporting for our clients.
Q: Where does Base stand with General Data Protection Regulation for the European Union?
A: We are certified for the EU-U.S. Privacy Shield - The Privacy Shield was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States.