Secure & reliable

Secure Development Practices

Salesmate developers follow the secure development practices described in OWASP. Every change request or a new feature has to pass through a security checklist before going to production. The code always has to go through vulnerability scanners, code analyzer tools, and manual code verification process.

Data Isolation

With our horizontal database design, clients’ primary data is stored separately. All additional data and files for customers are also logically separated in our cloud storage to avoid data leaks and accidental access.

Your data is entirely yours. It’s only stored on our dedicated VPCs while using the services and not shared with any third party without your consent.

Data Retention and Disposals

We retain your data as long as you are using Salesmate services. Your data gets deleted from the servers in 30 days from the day of trial expiry or subscription cancellation.

We only maintain the invoicing and service entries for accounting and legal requirements.

Encryption

All customer data is encrypted and stored using Google’s built-in encryption-at-rest features. More technically, we use Google’s server-side encryption feature with Google-managed encryption keys to encrypt all data at rest using AES-256, transparently, and automatically. You can find additional information on how encryption at rest protects your data here.

At the workplace

Access to our office, infrastructure, and facilities is controlled using access cards. Our HR team provides and maintains access cards given to employees, contractors, and visitors with only specific locations and entrances. We also monitor entry, exits, and all internal activities over the CCTV cameras deployed according to the regulations. Backup footage is also maintained for a particular time based on the requirement.

At the Data Centers

Our dedicated VPCs are hosted in Google Data Cloud’s secure infrastructure.

Access to Google’s data center floor is only possible via a security corridor which implements multi-factor access control using security badges and biometrics. Only approved employees with specific roles may enter.

Additionally, Google data center physical security features a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics, and the data center floor features laser beam intrusion detection.

Logging and Monitoring

All the logs coming from our services, internal network, devices are stored and analyzed to find usual activities.

Customers also have changelogs for record updates and deletions inside their record details.

Platform Load Balancing

With our load balancers and auto-scale of service-nodes provides continuous and secure access to services around the globe.

Data Backup

The client’s database replicates over multiple availability zones in an almost real-time manner.

Every midnight we take a customer wise backup and store encrypted and compressed files inside Google Cloud buckets. If a customer requests data recovery within the retention period, we will restore their data and secure access. The timeline for data restoration depends on the size of the data and the complexity involved.

Incident and Response Management

The security team runs an in-house Incident Response (“IR”) program and guides Salesmate employees on reporting suspicious activity. The goal of the Incident response program is to detect and react to security incidents, determine their scope and risk, respond appropriately to the incident, communicate the results and risk to all stakeholders, and reduce the likelihood of incident from reoccurring.

Employee background checks

We hire reputed external agencies to do background c hecks for each new hire. The process verifies their criminal records and previous employment records. Until the verification completes, the employee is not assigned any activity or information which may pose a risk to our customers and teammates.

Security Awareness and Training

Each employee has to go through information security, privacy, and compliance training. They also learn about incident response reporting and communication methods. They might have to go through additional security training to configure and manage client services or cloud spaces based on their role.

We also host internal events and quizzes to ensure their knowledge is up to date as per the industry needs.

Dedicated Security Team

We have a dedicated security team to ensure that the company’s infrastructure, software/applications are upgraded to avoid any security compromise. They also provide domain-specific training to the developers and consulting teams to follow security code practices and procedures.

Endpoint Security

All our workstations are configured to encrypt data at rest. We don’t allow any removable media sources inside our office premises. All our applications and access points are enabled with two-factor login, and employees are required to pick a strong password and keep changing them over a particular period.