Skip to content

Privacy and Security

 

Data Privacy Policy

We take our customers’ data privacy and security with utmost seriousness.
Our solution LinkPoint Connect(ME) performs synchronization of business communication and CRM data between users’ CRM accounts and mailboxes.β€―
LinkPoint Connect(ME) for Salesforce synchronizes the following types of authorized users’ data: Calendar items, Tasks, Contacts, Email messages, and file Attachments. Using the solution’s Dashboard, the users can define which record types to synchronize via LPC service, as well as other aspects of its functioning.β€―
For more details, see the β€œProduct-specific Privacy Terms” section of the complete Connect(ME) Data Security Policies document.

 

Official certification and regular audit

 

⇛ SOC2 Type II certified: Security, Availability, Processing Integrity, Confidentiality, and Privacy Audit

⇛ Privacy shield certified

⇛ GDPR compliant

⇛ ISO-27001 (Information Security Management set) certified

⇛ Google Security review certified by NCC Group

⇛ Connect(ME) is a longstanding certified Microsoft Partner based on special competency requirements

⇛ All Connect(ME) package components undergo regular penetration tests carried out by independent contractors

⇛ Connect(ME) technical support team ensures super-fast reaction to security cases as well other kinds of reports. See this article for more information

 

 

Security Policies

With over 13 years of experience of building and implementing successful enterprise solutions, we know very well that email correspondence and CRM data stand among the key assets of any modern business. For this reason handling all communications between your email and CRM systems and LinkPoint Connect(ME) with maximum security is our topmost priority.

We follow a multi-level layered approach, which is continuously updated with the latest technologies to ensure the highest level of security for our customers’ data, from complete physical security of Microsoft certified data centers we use to secured access authorization procedures for the end users (see below) and the latest gen encrypted data transfer protocols.

 

Application Design

LinkPoint Connect(ME) Sync component is built as a scalable customized Microsoft Azure service which supports geo-distributed data centers and provides the highest levels of availability and resilience; it matches Microsoft’s standards for secure applications.

The Add-In component of LinkPoint Connect(ME) is a MS Outlook add-in verified by Microsoft that works directly with users’ email and CRM data, also displaying relevant information for the end users and conveying their inputs and actions to LPC Sync or directly to Salesforce. The Chrome Extension option for LPC integration into Gmail works in the same manner as the Add-In and is verified by Google.

 

Service Authentication

While LinkPoint Connect(ME) also supports legacy authentication solutions, for example to work with MS Exchange 2010, by default all LPC end users follow the most secure access authentication procedures:

  • Single Sign-On to access Salesforce and OAuth 2.0 or MS Graph for Office 365

  • Using EWS to authorize MS Exchange data access, with optional fallback to login/password authentication for legacy MS Exchange servers

  • Using OAuth 2.0 to authorize Gmail and Google calendar data access for LPC Chrome Extension users

  • Possibility of mass mailboxes provisioning via Impersonated Exchange access, where the local Exchange Admin grants LinkPoint Connect(ME) permissions to work with specified users’ mailboxes and calendar data

  • Possibility of mass Salesforce provisioning via impersonating account or API-only user, where the local Salesforce Admin grants LinkPoint Connect(ME) permissions to work with specified users’ Salesforce data

 

Granular Access Control

Our app’s access to user configurations and data is built on granular level, it is based on the concepts of Permissions, Roles, Principals, Resources and Authorizations:

  • All data views, transfers, or other related actions are controlled by structured permission rules
  • Combination of Permission sets into Roles allows to define allowed operations scopes very specifically
  • In LPC data access architecture, assigning of Principals, Roles for specific Resources access, results in granting of the minimum required permissions level for performing of very specific tasks

This access control policy covers all LinkPoint Connect(ME) users, including Connect(ME) Admins: Sales, Support and Customer Success teams, to ensure that the customers’ data is accessible only by the entitled end users.

 

Data Protection

LinkPoint Connect(ME) ensures multi-level protection of sensitive data from accidental or malicious loss, whether in transit, at rest, or on the go. Among standard techniques, that includes:

  • Access to Salesforce, Office 365, and Gmail data is performed through certified apps on respective services
  • In-transit encryption: all data transfers between Salesforce/Microsoft Exchange or Google servers as well as user interactions with them via LPC are encrypted with TLS protocol
  • At rest encryption: all relevant configuration data is encrypted in rest state on physical storage database level
  • Secrets handling: all used access secrets (tokens, passwords) are additionally encrypted on application level using keys transferred separately from the data. Furthermore, LPC API connections are designed in such a way so access secrets never leave LinkPoint Connect(ME) perimeter
  • Data backup and point-in-time restore: users’ and orgs’ configuration data is continuously backed-up automatically; it is kept as multiple copies, ensuring the possibility to do a point-in-time restore
  • Data isolation: server-side synchronization of data of different LPC users is logically and physically isolated, which guarantees that no data can be transferred or leak between the users, in any other ways but ones defined by Salesforce or Microsoft Exchange / Office 365 / Gmail

 

Infrastructure

  • Data centers: LinkPoint Connect(ME) is hosted on Microsoft Azure data centers which ensure the highest security levels
  • Security Updates: LinkPoint Connect(ME) is a managed cloud solution; that, regular besides updates of LPC features, implies automatic front-end and back-end data security infrastructure updates
  • Firewalls and network access: LinkPoint Connect(ME) uses Microsoft Azure’s capabilities to run its services in a secure virtual network with limited and strictly audited external access
  • Networking: no server used by LinkPoint Connect(ME) for user data transfers or config keeping is accessible from outside the network. Any externally visible services operate behind a firewall and a load balancer within this virtual private network

   


Get back to us
We would love to hear from you

Name:

E-mail:

Question or comment: