Security

Data privacy and security is embedded in every part of our business. Visit our Security Portal to understand the details for several of the frameworks, regulations, and certifications that apply to our company and its products.

Database Security

We host your data in its own secure database on MongoDB. Only our CTO and system administrator have access to databases, for technical purposes only, accessed via VPN servers and two-factor authentication.

Logical Security

Each tenant is hosted in a separate database instance. All in-transit data is encrypted with 256 bit SSL. All our operations run at Google Cloud Platform and Kubernetes.

Salesforce.com Security Review

RevenueHero has successfully completed the Salesforce.com Security Review.

Encryption

We enable encryption of sensitive data both at rest and in transit over public networks. All in-transit data is encrypted with 256 bit SSL.

Data Privacy

We only use customer data to provide our Services; we do not share it with any third party nor use it for marketing purposes.

Data Ownership

Your data is yours - 100%. We won't delete data within your account without informing you and giving you time to export it.

Data Usage

We don't mine or access your data for commercial purposes and only access it to provides our Services.

Integrated Services

We use OAuth tokens that are stored at S3 using native encryption.

Physical Security

We follow the Google Security model. All our operations run at Google Cloud Platform and Kubernetes. Backups are stored on Google Cloud Storage.

Data Recovery

We regularly back up your data and provide a maximum 12-hour RTO and RPO.

Privacy & Safety Features

We offer you the ability to control privacy impacting features.

Certificate

Revenuehero is SOC2 Type 2

RevenueHero has achieved SOC 2 Type 2 and ISO 27001 accreditation.

GDPR Compliant

RevneueHero has taken the necessary measures to be GDPR compliant.
Please see Exhibit A of our terms and conditions for more details on GDPR compliance.

Frequently asked questions

Who owns the data we store in RevenueHero? Will you use our data to build advertising products?
As a RevenueHero customer, you own and control your data. Your calendar and Salesforce remain a system of record. We do not use your data for anything other than providing you with the service to which you have subscribed.
Do you offer privacy controls in your service?
We commit to a number of privacy and security measures in the data processing terms of your agreement.
Where is our data stored?
RevenueHero servers are currently hosted in multiple Google Cloud servers across the United States.
Is our data encrypted?
Yes - we use Amazon S3. Sensitive customer data is encrypted at rest and when traversing over public networks.
What is your approach to security and which security features do you offer to protect your service from external attacks?
Security is one of the most important design principles and features of RevenueHero. Our focus on security spans hardware, software development using OWASP secure coding practices, policies and controls, and verification by independent auditors.

When it comes to security features, there are broadly two types of categories:
1) built-in security and 2) customer controls. Built-in security represents all the measures that we take on behalf of all our customers to protect your information and run a highly available service. Customer controls are features that enable you to customize RevenueHero to meet the specific needs of your organization.
Can we get our data out of your service?
You own your data and retain all rights, title, and interest in the data you store with RevenueHero. During and for 30 days after your subscription, you may migrate your data at any time and for any reason, without assistance from RevenueHero.
Will you inform us when things change in the service, and will you let us know if our data is compromised?
We do inform you if there are any important changes to the service with respect to security, privacy, and compliance. This information is delivered via our in-app notification system. We also promptly notify you via email if your data has been accessed improperly.
Are you transparent with the way you use and access our data?
We do share important aspects of data storage, such as where your data resides in terms of geographic location, who at RevenueHero can access it, and what we do with that information internally. The data processing terms of your agreement also covers how we are allowed to use your data in detail.

Our position on access to your data is:

Access to customer data is strictly controlled and logged, and sample audits are performed by both RevenueHero and third parties to attest that access is only for appropriate business purposes. We recognize the extra importance of our customers' content.
What kind of commitments do you have with respect to security and privacy?
RevenueHero includes data processing terms in our customer agreements. We are also attached to an EU Data Protection Addendum (including model clauses) through Google Cloud.
How do you ensure that your service is reliable?
We apply best practices in design and operations, such as redundancy, resiliency, distributed services, and monitoring—to name a few
Is our data backed up? Are there disaster recovery tools in place?
All data you store in RevenueHero is fully backed up with tested and certified disaster recovery processes in place. The backup of data and disaster recovery is handled by RevenueHero. Our current RTO and RPO times are within 12 hours.
How do you connect with Salesforce?
This article shows you the RevenueHero data flow:
Where can I report incidents?
Report incidents to support@revenuehero.io.