We maintain SOC 2 Type II compliance and have automated continuous monitoring in place to ensure that we stay compliant. Email us at email@example.com to request our most recent SOC 2 audit report (conducted by Linford) or to see a snapshot of our current compliance audit.
We will NEVER sell your data or keep it hostage. In fact, Scratchpad doesn’t store your Salesforce data by default. Simply email us at firstname.lastname@example.org to learn more about your data or to request we delete it.
Think of Scratchpad as a UI layer on top of your Salesforce instance. We’re making it easier for your team to update your data; you’re still managing it. Contact us to learn more about our data management process.
We are hosted by Amazon Web Services (AWS) on US-based servers. AWS maintains a robust security system managed by world-class security experts. Review Amazon’s Security Center for more detailed information.
We built our app on Heroku, a Salesforce company. Heroku’s first value is trust. Learn more about how they exemplify trust, and what standards they’ve implemented on their security certifications and policies, on Heroku’s Compliance page.
We conduct continuous network vulnerability testing and contract an independent third party to conduct penetration testing at least annually.
We maintain disaster and incident response plans to ensure that even in the worst scenarios our team is prepared to protect your information. We test and audit these plans annually, so we’re always ready to respond.
We use Salesforce’s OAuth to authenticate users, allowing your team to access Scratchpad without entering login credentials into our system. We also work with SSO providers, like Okta.
We work to ensure that our service is always available. You can check our status page at any time to review the current status of our platform, incidents, and scheduled outages.
We require all sensitive data, both in transit and at rest, to be encrypted using strong, industry-recognized algorithms. We regularly review all encryption algorithms in use to ensure that they follow the Advanced Encryption Standard.
All encryption keys generated, stored, and managed by Scratchpad are created and stored in a manner that prevents loss, theft, or compromise.
We maintain a stringent password policy, requiring all passwords to be complex, updated from the system default, and unique.
We practice least-privileged access for all of our systems and applications. This means that the only people with access to your account and data are Scratchpad employees that require access in order to fulfill their job responsibilities. We audit access regularly to ensure that the minimum number of individuals have access to your data.
We maintain and store logs for at least 12 months to identify each Scratchpad staff member that has accessed or created an action related to customer data.
We believe in collecting the minimum amount of data needed to ensure your account is managed and secure. We do not collect your customer’s data by default. We do offer features that allow for audit/history tracking that does require us to store some customer information. We are committed to ensuring that data remains secure and hold it to the same security standards as our own customer data. Email us at email@example.com to learn more about our audit history features.
We back up and encrypt all of our data daily, so you don’t have to worry about losing any of your account information. You can always reach out to us at firstname.lastname@example.org for more information about how we store your data or to request that it be deleted.
We require all employees and contractors to acknowledge and undergo security awareness training at the time of hire and to refresh their knowledge at least annually. Employees and contractors in developer roles are provided with Secure Development Life Cycle (SDLC) training at the time of hire and annually thereafter. This training includes acknowledgment and understanding of the OWASP Top 10 common coding vulnerabilities.
Our development process was designed to ensure that code deployments are made in a manner that maximizes site uptime, productivity, and security while minimizing exposure to risks. We employ version-controlled development, code reviews, and automated and manual testing prior to deploying code changes.
We work diligently to ensure that our service is secure. If you believe you have found a vulnerability, please email us at email@example.com. We will work to resolve the issue quickly and follow our vulnerability disclosure policy.
Scratchpad is committed to working with you to ensure that your information is secure. Don’t hesitate to contact us at firstname.lastname@example.org with any comments or questions.