Data Security and Privacy
Security of your data and your privacy is a business priority at Teamble. We build everything with customer trust and security in mind. For us, security is not a set of guidelines to meet; it is one of the most critical service features we provide. Here are our Data Security and Privacy Features:
Key Security Features
Secure Cloud Infrastructure
Teamble’s data and services are hosted with the world’s leading cloud provider, Amazon Web Services (AWS), in its US facilities, spread across multiple availability zones to ensure reliability and disaster recovery. AWS data centers are monitored by 24x7 security, biometric scanning, and video surveillance, and are SOC 1, SOC 2, and SOC 3 certified.
Data Permissions and Authentication
Access to customer data is limited to authorized employees whose job functions require it. Additionally, 2FA and strong password policies on all tools used internally are strictly implemented for all Teamble employees to ensure third-party access to these cloud services is protected.
Encryption
All data is transmitted over HTTPS, and any data stored is encrypted in transit and at rest using 256-bit encryption. Our application endpoints are TLS/SSL only and score an “A” rating on Qualys SSL Labs’ tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled.
Incident Response
Teamble has a protocol in place for handling various security incidents, all of which employees are informed and trained on. Breaches will be communicated within a reasonable amount of time, and vulnerabilities are fixed ASAP.
SSO and 2FA
Teamble inherits the same authentication method that you use for your Slack workspace, including Single Sign-On (SSO) and Two Factor Authentication (2FA). These methods allow you to authenticate users in your own systems without requiring them to enter additional login credentials.
Permissions
Teamble has different levels of user permissions and settings within the platform for your organization and teams.
Enterprise Ready Compliance
EU GDPR
As of April 2nd, 2020, Teamble is GDPR compliant. Organizations that employ EU-based individuals can rest assured that Teamble is handling their personal information in compliance with the latest EU laws.
CCPA
As of January 1st, 2020, Teamble is CCPA compliant in how it handles data of California residents.
PCI
All payments to Teamble are processed through our partner, Stripe. To learn more about their security setup and PCI compliance, you can visit Stripe’s security page.
Please visit our Privacy Policy to read more about our commitment to the regional and international data privacy regulations.
Commitment to Security
Security Team
Security is a company-wide endeavor. Teamble employs staff responsible for reviewing, updating, testing and maintaining our security and privacy policy. Teamble has a dedicated Data Protection Officer (DPO) to handle a variety of issues in accordance with the GDPR, CCPA and any other data privacy and security framework requirements. Having a DPO ensures that Teamble will continue to invest in data security and privacy. To contact our DPO: DPO@teamble.com
Trainings
Teamble has been diligent in conducting more awareness and training with employees around data protection and incident response on potential issues like data breaches. All employees complete an annual security training program and employ best practices when handling customer data.
Internal Policies
Teamble has a set of comprehensive security and awareness policies that cover a wide range of topics. These policies are updated as necessary and shared with all employees.
Confidentiality
All employee and contractor contracts include a confidentiality agreement contingent on acceptance of employment or contracted project work.
Handling Data Subject Rights Requests
Teamble implemented compliance measures to make it easy to handle requests such as deletion or update requests of your personal data. To do so, simply email privacy@teamble.com with your request.
Third party audits
Teamble audited all the services it uses from subprocessors to ensure that they are either GDPR compliant or don’t gain access to personal data. Our subprocessors are: Amazon Web Services Inc., cloud infrastructure service provider in the US; Twilio Inc., cloud-based communications platform in the US; Zendesk Inc., cloud-based customer service and support provider in the US; and Stripe Inc., cloud-based payment infrastructure provider in the US.
Responsible Disclosure
If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@teamble.com. We will acknowledge your email within ten business days.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one month of disclosure.
Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Teamble service. Please only interact with accounts you own or for which you have explicit permission from the account holder.
Exclusions
While researching, we’d like you to refrain from:
- Distributed Denial of Service (DDoS)
- Spamming
- Social engineering or phishing of Teamble employees or contractors
- Any attacks against Teamble’s physical property or data centers
Security questions or issues?
Please contact us at security@teamble.com