Edwin alerts is a security program that helps measure and change security behaviors across your team, delivered through Slack in fun engaging alerts. Edwin is a leader in behavioral cybersecurity. Using behavioral and learning design methodologies, we help teams change their security behaviors and prove that they have to clients, auditors, regulators, board members, and other key stakeholders. Edwin alerts keeps you in direct contact with Edwin’s CISO team, guiding your team to proactively respond to real world security events, but also providing support in case a team member is compromised and needs help. Here’s how it works:1. Download Edwin’s slackbot to get started2. As an admin, you’ll receive an initial message from Edwin bot explaining your admin dashboard and what to expect, and you’ll be asked to select a channel for Edwin Alerts to be pushed to for your team to see.3. Once installed, Edwin’s CISO team will curate and send custom security alerts into your specified channel. Each alert:- Identifies a real world security event that your team needs to take action on - Assesses whether an individual team member is vulnerable to that event - Provides fast step by step guidance on what to do - Establishes acknowledgement and proof that the action occurredIf team members need help, they can message the Edwin CISO team directly from slack. Most team members think of security as boring and a hassle, so Edwin makes alerts engaging and simple to keep motivation high.
Edwin will be able to view:
Edwin will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
Business data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.
We may receive information about you through Slack. We also work closely with third parties (including, for example, business partners, suppliers, sub-contractors, analytics providers, and search information providers) and may receive information about you from them.
Legal bases for processing
We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
· it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
· it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, and to protect our legal rights and interests;
· you give us consent to do so for a specific purpose (for example, you might consent to us sending you marketing emails); or
· we need to process your data to comply with a legal obligation.
Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
Data archiving and removal policy
Data archival and removal policy:
Your rights and controlling your personal information
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
Correction: If you believe that any information we hold about you is inaccurate, out of data, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from marketing communications, please contact us using the details below, or opt-out using the opt-out facilities provided in the communication.
Automatic deletion: Your user account (including an email address Edwin may store directly) is automatically deleted within 24 months of inactivity.
We rely on “cookies” for certain functionality of the Edwin web experience. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our service.
If we or our assets are acquired; or in the unlikely event that we go out of business or enter bankruptcy, we would include data among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this policy.
Data storage policy
Collection and use of information
We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
· to provide you with our platform’s core features;
· to process any transactional or ongoing payments;
· to contact and communicate with you; and
· for internal record keeping and administrative purposes.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to our marketing communications. You have the right to withdraw consent to marketing at any time by unsubscribing via email: email@example.com, and we will either delete your data from our systems or move your data to our "unsubscribe list". However, you acknowledge this will limit our ability to provide the best possible service and platform features to you.
The data that you instruct Slack to pass to Edwin Alerts is stored, so that interaction with the Slack API is possible and so that you can manage your own alerts and security guidance in the best possible way.
By design, Edwin has very little access to the data in your Slack workspace: Edwin cannot view any messages or activities in any of your channels or conversations and it also does not have access to any of your files. In addition to the team/workspace, channel, and user metadata mentioned above, Edwin receives data when you or another user on your workspace actively engages or interacts with Edwin.
Use of the Edwin service is not permitted for children under the age of 16. If you are aware of anyone under the age of 16 having supplied us with personal data, please contact us so that we can take steps to delete such information.
Disclosure of personal information to third parties
We may disclose personal information to third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, professional advisors and payment systems operators.
Edwin does not display any advertisements, and does not share any data with advertisers.
International transfers of personal information
The personal information we collect is stored and processed in the United States and United Kingdom, or where we or our partners, affiliates and third-party providers maintain facilities. By providing us with your personal information, you consent to the disclosure to these overseas third parties.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Data center location(s)
Data hosting details
Edwin's Data is cloud housed within Google Cloud's Datacenters in the United States.
Data hosting company
Certifications & compliance
Supports Security Assertion Markup Language (SAML)
Has a dedicated security team
Has a vulnerability disclosure program
Vulnerability disclosure program covers Slack app
Has a bug bounty program
Requires third party authorization/connections
Slack conducts a brief review of apps in our App Directory and does not endorse or certify these apps. Report this app to Slack for inappropriate content or behavior.