Arrows

Description Permissions Security & Compliance

Keep up to date with what's happening in your Arrows account!The Arrows integration for Slack will notify you when plans are created, rooms are opened, comments posted, tasks completed, and more!Arrows is the tool for onboarding, sales, and success teams to close revenue faster and create happy customers.Give everybody the answer to “what’s next” with customer-facing plans that attach to HubSpot CRM.

Arrows will be able to view:

Arrows will be able to do:

Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.

General

Privacy & data governance

Data retention policy

Data Retention Arrows shall retain data as long as the company has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it shall be securely disposed of or archived. Data owners, in consultation with legal counsel, may determine retention periods for their data. Personally identifiable information (PII) shall be deleted or de-identified as soon as it no longer has a business use. Legal Claim. We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim or intent to establish a claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.

Data archiving and removal policy

Data & Device Disposal Data classified as restricted or confidential shall be securely deleted when no longer needed. Arrows shall assess the data and disposal practices of third-party vendors in accordance with the Third-Party Management Policy. Only third-parties who meet Arrows requirements for secure data disposal shall be used for storage and processing of restricted or confidential data. Arrows shall ensure that all restricted and confidential data is securely deleted from company devices prior to, or at the time of, disposal. Confidential and Restricted hardcopy materials shall be shredded or otherwise disposed of using a secure method. Personally identifiable information (PII) shall be collected, used and retained only for as long as the company has a legitimate business purpose. PII shall be securely deleted and disposed of following contract termination in accordance with company policy, contractual commitments and all relevant laws and regulations. PII shall also be deleted in response to a verified request from a consumer or data subject, where the company does not have a legitimate business interest or other legal obligation to retain the data.

Data storage policy

The company's datastores housing sensitive customer data are encrypted at rest Confidential Data Handling Confidential data is subject to the following protection and handling requirements: Access for non-preapproved roles requires documented approval from the data owner Access is restricted to specific employees, roles and/or departments Confidential systems shall not allow unauthenticated or anonymous access Confidential Customer Data shall not be used or stored in non-production systems/environments Confidential data shall be encrypted at rest and in transit over public networks in accordance with the Cryptography Policy Mobile device hard drives containing confidential data, including laptops, shall be encrypted Mobile devices storing or accessing confidential data shall be protected by a log-on password (or equivalent, such as biometric) or passcode and shall be configured to lock the screen after five (5) minutes of non-use Backups shall be encrypted Confidential data shall not be stored on personal phones or devices or removable media including USB drives, CD's, or DVD's Paper records shall be labeled "confidential" and securely stored and disposed of in a secure, approved manner in accordance with data handling and destruction policies and procedures Hardcopy paper records shall only be created based on a business need and shall be avoided whenever possible Hard drives and mobile devices used to store confidential information must be securely wiped prior to disposal or physically destroyed Transfer of confidential data to people or entities outside the company shall only be done in accordance with a legal contract or arrangement, and the explicit written permission of management or the data owner Restricted Data Handling Restricted data is subject to the following protection and handling requirements: Access is restricted to users with a need-to-know based on business requirements Transfer of restricted data to people or entities outside the company or authorized users shall require management approval and shall only be done in accordance with a legal contract or arrangement, or the permission of the data owner Paper records shall be securely stored and disposed of in a secure, approved manner in accordance with data handling and destruction policies and procedures Hard drives and mobile devices used to store restricted information must be securely wiped prior to disposal or physically destroyed

Data center location(s)

United States

Data hosting details

Cloud hosted

Data hosting company

Heroku/AWS

App/service has sub-processors

yes

Guidelines for sub-processors

https://trust.arrows.to/subprocessors

App/service uses large language models (LLM)

Certifications & compliance

Security