Contact us Blog

Security, data collection and compliance

At Apsona, security and data protection are primary drivers in the design of all our products and services. We strive to ensure that customer data is never compromised in any way. Here we summarize the security-related aspects of our products.

Apsona's products are add-ons to Salesforce, and work within your browser connected to Salesforce. They can only operate within the browser window in the Salesforce context. Therefore, all of the security protections afforded by Salesforce are automatically inherited by Apsona products.

Data traffic boundaries

With all our products, data traffic is entirely limited to between your browser and your Salesforce database, with no third-party servers involved. There are two exceptions to this assertion, the PDF generator and the Scheduler, which are described further below. This data traffic is encrypted via the industry-standard SSL (Secure Sockets Layer) between your browser and Salesforce.

Data collection

Customer data

We do not collect or store customer data. No customer data passes through our servers, so we have no access to it. Throughout our product designs, we take particular care to ensure that all our code and processes are data-independent, so as to maximize data security.

License provisioning and usage data

We collect two types of information, neither of which includes customer data:
  1. User information, comprising the user's full name, user name and email address, so that we can provision licenses for users; and
  2. Usage information, containing logs of user actions within the application (e.g., the use of "Add to Campaign" or "Send email" functionality). This helps us to quickly identify and fix software bugs as well as determine focus areas for future development. This information does not contain any data from your Salesforce database.

Data privacy

We do not share data with any partners or others outside of Apsona. All data access is strictly limited to qualified and experienced personnel within Apsona.

Data storage

As noted above, we do not collect or store any customer data on any of our servers. The only exception occurs with our PDF conversion service, and it applies to you only if (a) you use the Document Generator add-on, and (b) you use the PDF format for generating your documents. (In other words, if you don't use the Document Generator add-on, or you never use the add-on to generate documents in PDF format, this doesn't apply to you.) In this specific case:

Server architecture

Our software uses servers for Our servers are located in secure hosting environments, across geographically distributed locations in the United States. This ensures high redundancy and resilience.

The Scheduler product

If you purchase and use Apsona's Scheduler product, you know that the Scheduler needs access to your data to produce reports non-interactively (i.e., outside of the browser). The Scheduler's design ensures the best possible security:

HIPAA compliance

As noted above, we do not store any customer data on any of our servers, with the exception of document format conversion. Given the range of verticals and domains that we service and the nature of data in documents, we are unable to detect sensitive information in them. Consequently, we rely on you, our customers, to safeguard your data. In general, you would want ensure that sensitive data is not included in generated documents, so that your security is not compromised.