We will NEVER sell your data or keep it hostage.
Think of Scratchpad as a UI layer on top of Salesforce. We’re making it easier for your team to update the data, you’re still managing it.
We built our app on Heroku, a Salesforce company. Heroku’s first value is trust. Learn more about how they exemplify trust, and what standards they’ve implemented on their security certifications and polices on Heroku’s Compliance page.
We conduct continuous network vulnerability testing and contract an independent third-party to conduct penetration testing at least annually.
We use Salesforce’s OAuth to authenticate users, allowing your team to access Scratchpad without entering login credentials into our system. We also work with SSO providers, like Okta.
We maintain a current list of third-party subprocessors for your information.
We maintain disaster and incident response plans to ensure that even in the worst scenarios our team is prepared to protect your information. We test and audit these plans annually, so we’re always ready to respond.
We work to ensure that our service is always available. You can view our status page at any time to review the current status of our platform, incidents, and scheduled outages.
All encryption keys generated, stored, and managed by Scratchpad are created and stored in a manner that prevents loss, theft, or compromise.
We maintain a stringent password policy, requiring all passwords to be complex, updated from the system default, and unique.
We practice least-privileged access for all of our systems and applications. This means that the only people with access to your account and data are Scratchpad employees that require access in order to fulfill their job responsibilities. We audit access regularly to ensure that the minimum number of individuals have access to your data.
We maintain and store logs for at least 12 months to identify each Scratchpad staff member that has accessed or created an action related to customer data.
We believe in collecting the minimum amount of data needed to ensure your account is managed and secure. We do not collect your customer’s data by default. We do offer features that allow for audit/history tracking that does require us to store some customer information. We are committed to ensuring that data remains secure and hold it to the same security standards as our own customer data.
We back up and encrypt all of our data daily, so you don’t have to worry about losing any of your account information.
Our development process was designed to ensure that code deployments are made in a manner that maximizes site uptime, productivity, and security while minimizing the exposure to risks. We employ version control development, code reviews, automated and manual testing prior to deploying code changes.
We work diligently to ensure that our service is secure, if you believe you have found a vulnerability, please email us at email@example.com. We will work to resolve the issue quickly and follow our vulnerability disclosure policy.