Security

Our Commitment

At Conclude, our commitment to security is integral to our mission of facilitating seamless collaboration across various platforms. We ensure the protection of data through rigorous security measures and compliance with global data protection regulations.

Our Security Measures

Encryption and Data Protection: Conclude ensures all data transmitted and stored within our platforms is encrypted using HTTPS with TLS 1.2 or higher.

Data at Rest is protected using advanced encryption methods. Specifically, we use AES-256 encryption to secure stored data, ensuring it is safeguarded against unauthorized access and breaches.

Our data storage is secured on Google Cloud Platform with automated backups and point-in-time recovery options.

Minimal Permission Requirement: Conclude is committed to respecting user privacy by never asking for more permissions than are necessary to provide our services. This ensures that only essential data is accessed, aligning with our privacy-first approach and minimizing potential risks.

Enterprise-grade Compliance: Conclude is actively working towards achieving SOC 2 Type II compliance. We are committed to maintaining the security and confidentiality of customer data and are currently undergoing the observation process using the Vanta Trust management platform. This step ensures that we are aligning our procedures and security measures with the rigorous standards required for certification.

Privacy First: We comply with major regulatory frameworks including GDPR, ensuring that personal data is handled with utmost care and only per legal and regulatory requirements.

Robust Infrastructure: Our platform architecture utilizes CloudSQL/PostgreSQL for relational data, Memorystore/Redis for caching, and maintains high-availability configurations to ensure reliability and performance.

Key Policies and Practices

Data Processing: We process data strictly to facilitate the functionality of Conclude without storing any personal data beyond what is necessary for transactional integrity and operational requirements.

Sub-processors and Third-Party Interactions: We engage with sub-processors such as Google, Slack Technologies, and Microsoft Corporation to enhance our service offerings, ensuring they adhere to our stringent security and privacy standards. Detailed documentation on sub-processor agreements is available upon request.

Regulatory Compliance and Rights of Data Subjects: Conclude assists in safeguarding the rights of data subjects under GDPR, including access, correction, and erasure of personal data.

Incident Response and Breach Notification: In the unlikely event of a data breach, Conclude is committed to notifying affected parties without undue delay and taking immediate remedial actions to prevent future occurrences.

Frequently Asked Questions

1. What data does Conclude store? Conclude stores minimal data necessary for service operation. Primarily, we retain metadata associated with user interactions to ensure seamless functionality across platforms. This includes technical identifiers and logs of actions taken within the Conclude. All data is protected with robust security measures, including encryption, to maintain privacy and compliance with data protection regulations.
2. What data does Conclude collect? We collect minimal data necessary from customer collaboration platforms like Slack, Microsoft Teams, Jira, and Zendesk to operate Conclude effectively. This includes workspace names, user contact information, channel data, actions within channels, and usage statistics. All collected data is essential for providing our services and is obtained with explicit user consent. We prioritize security in handling this information, employing stringent data protection measures to ensure its confidentiality and integrity during collection and processing.
3. How does Conclude handle the deletion of data? Conclude is committed to ensuring that your data is handled securely and with respect to your privacy rights. When data is no longer needed for service provision or at the request of a user, it is promptly deleted from our systems. Our standard deletion time is within 30 days from the date of request or the end of the service period, whichever is applicable. This includes a thorough removal of any stored data, ensuring that no residual data remains. Our processes are designed to protect against unauthorized access or inadvertent data retention.
4. How is data secured against potential breaches? Alongside encryption, we employ continuous monitoring and have implemented stringent access controls to safeguard data.
5. What happens if there’s an interruption in service? Our architecture is designed for resilience, with automatic failovers and redundancy to handle potential outages seamlessly.
6. How can I access security documentation? Security documentation is available to customers upon request, helping you understand and verify our compliance with security obligations.

Commitment to Transparency and Trust

At Conclude, we believe in full transparency and are committed to upholding the highest standards of data protection and security. For more detailed information about our security practices or to request security documentation, please contact our support team.