SharpSpring's live chat lets you chat with your site visitors right from Slack. This app provides one-to-one communication with your SharpSpring Chatbot site visitors via Slack integration. All conversations happen right in Slack so you can answer chats from your desktop and mobile phone with ease.
SharpSpring Live Chat will be able to view:
SharpSpring Live Chat will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
from Data Retention in https://help.sharpspring.com/hc/en-us/articles/360001058691-How-the-GDPR-Impacts-SharpSpring-and-You#h_301473341431522444219419
The backup policy at SharpSpring requires full backups of customer data daily, with incremental backups being performed each hour. SharpSpring’s data retention period for backups of customer data is seven days. SharpSpring replicates these backups to an off-site location in compliance with its own disaster recovery policy. SharpSpring cares about its customers' data, and has placed high availability (HA) mechanisms in place to reduce the need for recovery. SharpSpring makes a best effort attempt to retain customer data. However, SharpSpring does not provide any direct guarantee against loss of customer data.
SharpSpring's backup procedures follow the basic rules of the CIA triad: confidentiality, integrity and availability. They are verified for integrity, are encrypted, are securely transferred, and are stored both at on-site and off-site locations. These backups are then verified through reanimation testing.
SharpSpring utilizes open source technologies, such as Zabbix and OpenVAS, to monitor the availability of its services, obtain web application performance metrics, and perform regular vulnerability scans against its critical infrastructure. SharpSpring also reinforces these processes by regularly performing penetration tests against its own architecture. SharpSpring’s monitoring and associated alerting processes are regularly tested to ensure that SharpSpring Network Operations Center (NOC) staff is notified immediately upon the occurrence of any operations anomaly or service interruption.
13. Data Retention. in https://sharpspring.com/legal/privacy
We will retain personal data we collect from you where we have justifiable business need to do so, and/or for as long as it is needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law, such as for tax, legal, or accounting purposes.
You can request deletion of your personal data at any time, and we will consider your request in accordance with applicable laws.
When we have no justifiable business need to process your personal data, we will either delete it or anonymize it, or if it not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.
and our internal policy:
shsp-pol-009-data-protection Data Protection Policy
Created by Skyler Slade
Last updated Nov 03, 2020 by Jean HammanAnalyticsAnalytics
Policy inventory-control-number: shsp-pol-009-data-protection
Policy Authority: Skyler Slade
Policy Owners / Approver: Skyler Slade, Nate Geouge, Jean Hamman
Ticket: PL-40 - shsp-pol-009-data-protection Data Protection Policy
Suspension of Record Disposal in Event of Litigation or Claims
High Availability of Relational Databases
High Availability of Non-Relational Databases
Deletion of Data by a Customer
Tier 2, Tier 3
3. Email Events
4. Customer Data
The purpose of this Policy is to ensure that SharpSpring’s data, and the data of its Customers entrusted to it, are adequately protected and maintained and to ensure that data that is no longer needed or that is of no value is discarded at the proper time. This Policy is also for the purpose of aiding employees of SharpSpring in understanding their obligations in retaining certain kinds of data.
The purpose of backups is for multiple reasons: to allow SharpSpring to recover data and restore service in the event of catastrophic hardware failure; to recover data in the event of accidental deletion; to allow for
Data archiving and removal policy
When the relationship between SharpSpring and a Customer ends, data belonging to the Customer becomes subject to a retention period, after which the Customer’s data is deleted, or otherwise anonymized, such that it no longer contains any proprietary Customer information.
Deletion of Data by a Customer
When a Customer deletes data in their SharpSpring account, in most cases, the data is deleted immediately. This behavior is referred to as a “hard” delete, which is in contrast to a “soft” delete, in which the data continues to exist but is simply marked as unavailable.
When a Customer deletes a contact in their SharpSpring account, this is performed as a hard delete, and the data is removed immediately
Routine Disposal Schedule
Records which may be routinely destroyed unless subject to an on-going legal or regulatory inquiry are as follows:
Announcements and notices of day-to-day meetings and other events including acceptances and apologies;
Requests for ordinary information such as travel directions;
Reservations for internal meetings without charges / external costs;
Transmission documents such as letters, fax cover sheets, e-mail messages, routing slips, compliments slips and similar items that accompany documents but do not add any value;
Superseded address list, distribution lists etc.;
Duplicate documents such as CC and FYI copies, unaltered drafts, snapshot printouts or extracts from databases and day files;
Stock in-house publications which are obsolete or superseded; and
Trade magazines, vendor catalogues, flyers and newsletters from vendors or other external organizations.
In all cases, disposal is subject to any disclosure requirements which may exist in the context of litigation.
Destruction Levels & Method
Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
Managing Records Kept on the Basis of this Document
Record name Storage location Person responsible for storage Controls for record protection Retention time
Data storage policy
SharpSpring stores customer data in acccordance with GDPR requirements as set forth in the SharpSpring Data Protection policies.
Requests come in via support. User PII ownership is validated. Ticket is opened internally for tracking. Required teams are then assigned for removal of data.
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack App Directory, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Date of latest pen test
Executive summary is available to potential customers upon request
Supports Security Assertion Markup Language (SAML)