Our Commitment
At Conclude, our commitment to security is integral to our mission of facilitating seamless collaboration across various platforms. We ensure the protection of data through rigorous security measures and compliance with global data protection regulations.
Our Security Measures
Encryption and Data Protection: Conclude ensures all data transmitted and stored within our platforms is encrypted using HTTPS with TLS 1.2 or higher.
Data at Rest is protected using advanced encryption methods. Specifically, we use AES-256 encryption to secure stored data, ensuring it is safeguarded against unauthorized access and breaches.
Our data storage is secured on Google Cloud Platform with automated backups and point-in-time recovery options.
Minimal Permission Requirement: Conclude is committed to respecting user privacy by never asking for more permissions than are necessary to provide our services. This ensures that only essential data is accessed, aligning with our privacy-first approach and minimizing potential risks.
For a full list of Microsoft Teams RSC (Resource Specific Context) scopes requested by Conclude to connect platforms and Microsoft Teams delegated scopes requested by Conclude for User Sync, click here.
For the full list of Slack bot token scopes (which govern what Conclude can access) and Slack user token scopes (that can access user data on behalf of users that authorize them), click here.
Enterprise-grade Compliance: Conclude is SOC2 Type II certified, having met the rigorous standards through Vanta Trust. We are committed to maintaining the security and confidentiality of customer data and this step ensures that we are aligning our procedures and security measures with the standards required for this certification. See all relevant controls and information in the Vanta Trust Center.
Privacy First: We comply with major regulatory frameworks including GDPR, ensuring that personal data is handled with utmost care and only per legal and regulatory requirements.
Robust Infrastructure: Our platform architecture utilizes CloudSQL/PostgreSQL for relational data, Memorystore/Redis for caching, and maintains high-availability configurations to ensure reliability and performance.
Key Policies and Practices
Data Processing: We process data strictly to facilitate the functionality of Conclude without storing any personal data beyond what is necessary for transactional integrity and operational requirements.
Sub-processors and Third-Party Interactions: We engage with sub-processors such as Google, Slack Technologies, and Microsoft Corporation to enhance our service offerings, ensuring they adhere to our stringent security and privacy standards. Detailed documentation on sub-processor agreements is available upon request.
Regulatory Compliance and Rights of Data Subjects: Conclude assists in safeguarding the rights of data subjects under GDPR, including access, correction, and erasure of personal data.
Incident Response and Breach Notification: In the unlikely event of a data breach, Conclude is committed to notifying affected parties without undue delay and taking immediate remedial actions to prevent future occurrences.
Frequently Asked Questions
- What data does Conclude store? Conclude stores minimal data necessary for service operation. Primarily, we retain metadata associated with user interactions to ensure seamless functionality across platforms. This includes technical identifiers and logs of actions taken within the Conclude. All data is protected with robust security measures, including encryption, to maintain privacy and compliance with data protection regulations.
- Does Conclude Link store user messages or files? No, Conclude Link does not store user messages or files. It only retains message metadata for future reconciliation across platforms, but the actual messages and files are not permanently stored.
- What data does Conclude collect? We collect minimal data necessary from customer collaboration platforms like Slack, Microsoft Teams, Jira, and Zendesk to operate Conclude effectively. This includes workspace names, user contact information, channel data, actions within channels, and usage statistics. All collected data is essential for providing our services and is obtained with explicit user consent. We prioritize security in handling this information, employing stringent data protection measures to ensure its confidentiality and integrity during collection and processing.
- How does Conclude handle messaging access and data on Slack? Conclude can only view messages in channels/direct messages where the app is a member. If the Conclude app is not in the conversation, it won’t be able to view any of its contents. Conclude needs the ability to view the messages in a synced channel in order to post the same message on Microsoft Teams.
- How does Conclude handle messaging access and data on Microsoft Teams? Conclude will only subscribe to the channels/chats that are required. If the Conclude Teams app is installed into a Team or Chat, Conclude will get notifications about new messages in that Team or Chat. Conclude will ignore and immediately discard any data not required to perform its services. For linked channels/chats, only conversation metadata as described above will be stored by Conclude.
- How long is data stored? Data is stored for the duration of the service contract, or until Conclude is requested to delete it through a hard delete.
- How does Conclude handle the deletion of data? Conclude is committed to ensuring that your data is handled securely and with respect to your privacy rights. When data is no longer needed for service provision or at the request of a user, it is promptly deleted from our systems. Our standard deletion time is within 14 days from the date of request or the end of the service period, whichever is applicable. This includes a thorough removal of any stored data, ensuring that no residual data remains. Our processes are designed to protect against unauthorized access or inadvertent data retention.
- How is data secured against potential breaches? Alongside encryption, we employ continuous monitoring and have implemented stringent access controls to safeguard data.
- What happens if there’s an interruption in service? Our architecture is designed for resilience, with automatic failovers and redundancy to handle potential outages seamlessly.
- How can I access security documentation? Security documentation is available to customers upon request. For a full list of Microsoft Teams RSC scopes requested by Conclude to connect platforms and Microsoft Teams delegated scopes requested by Conclude for User Sync, click here. For the full list of Slack bot token scopes (which govern what Conclude can access) and Slack user token scopes (that can access user data on behalf of users that authorize them), click here.
Commitment to Transparency and Trust
At Conclude, we believe in full transparency and are committed to upholding the highest standards of data protection and security. For more detailed information about our security practices or to request security documentation, please contact our support team.