Security
When you are setting up your app with us to make integrations for your end-users, you are trusting us with a significant chunk of your user data. We believe it is our responsibility to keep your information secure and intact. In the B2B SaaS world, data confidentiality, lack of transparency, locations of data servers, and many other security concerns are quite understandable for a user.
This document will help you comprehend what information we collect, why we collect it, and what security measures we take to keep it safe.
The information we collect when creating your app
Integry has the policy to collect the minimum amount of data which is required to configure your app on our platform and to execute successful integrations.
User Information
Authentication
When a user creates an integration inside your app, they authorize Integry on their behalf with a third-party app. When the user logs in to that app, they grant us access to their account information. We ask for permission and inform the user about the information we will collect.The Integry Connector appears at the time of authentication, as shown in the figure below.
The Access Tokens and User IDs used to authenticate the account are stored in our servers.
In case you are availing white-labeled connectors for apps, the Integry logo or branding is not shown anywhere to your user. Instead, the user will see your app’s logo on the connector screen; and will grant the same permissions to your app. Shown below is a white-labeled connector example of an integration with Campaign Monitor.
Visit our pricing page to see the charges for white-labeled connectors.
White-labeling changes what your user sees, but the same authentication data is being stored with Integry on the back-end.
User’s External App Data
When a third-party app user account is linked to our platform, some user data is required for the integrations to work. While we take all measures to protect your data including encrypting it when it is saved, we reduce the amount of data we collect to reduce user exposure in the unlikely event of a data breach or an exploit.
For example, if your user connects their JIRA account to your app to manage their tasks from inside your app, we will only keep the Project ID which they want to work in. We do not keep anything else.
Once the integration is set up, Integry acts as a pipe between your app and the linked third-party app. We may need to query data from the externally connected app to send it to your app. Data is only stored on our systems if you add storage steps where you explicitly specify what you want to store and for how long. Otherwise, by default, nothing is stored on long term storage other than logging data for a limited time (see below). The information or user details that are stored with Integry are those provided by the user at the time of integration creation.
An example of the data stored is in case of two-way sync where we may store the Record IDs and their mapping between the two apps. This is the minimum data that needs to be collected in order to keep both connected apps in sync i.e., a change made to a record in one app being reflected for that record in the other app as well.
How your information is saved with us
We use Google Cloud Platform for data storage. The data is encrypted through Data at rest Encryption. Data-at-rest refers to data that is not moving, inactive data that is stored in digital form. Encryption prevents unauthorized access to data and averts data visibility. Data at rest includes strong encryption methods like AES or RSA.
We use Https to transfer data between client and server (Data-at-motion) to ensure maximum safety.
We have a proper role management mechanism, that determines what information or data will be accessible to whom. The system logs are also kept secure and password protected, to avoid any unauthorized access. Our development has access to limited logs data that is required to debug integration issues.
How long do we keep your data
We generally discard information about you when we no longer need the information for the purposes for which we collect and use it, described in detail in our Privacy Policy.
An example of the data we store is, when you delete an Integration Template from your integry.io account, it stays in the logs just in case you need information about it at a later point — because starting again from scratch is no fun, at all. The deleted content may remain on our backups and caches until purged. We maintain logging data never for up to 30 days before permanently purging it. Log data is used for debugging and rendering details of how an integration was executed. After the retention period, you will no longer be able to see detailed logs of past integrations. Our goal is to keep retention period to the minimum and will continue to reduce the default retention period.
GDPR
Businesses and users from the European Union are protected by the GDPR to which Integry is fully compliant.
As part of this regulation, you can reach out to Integry to:
If you are located in certain countries, including those that fall under the scope of the European General Data Protection Regulation (AKA the “GDPR”), data protection laws give you rights with respect to your personal data, subject to any exemptions provided by the law, including the rights to:
- Request access to your personal data;
- Request correction or deletion of your personal data;
- Object to our use and processing of your personal data;
- Request that we limit our use and processing of your personal data; and
- Request portability of your personal data.
Please visit our GDPR page for details and to make a data request.
EU-U.S. Privacy Shield Framework
As part of the EU-US Privacy Shield Framework compliance, set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States, Integry is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
In case of any concerns related to unresolved privacy or data use that we have not addressed satisfactorily, you may contact our third party recourse mechanism provider, JAMS, for dispute resolution (free of charge). Please refer to our Privacy Policy for more information.
HIPAA Compliance
Integry complies with HIPAA regulations for handling Electronic Protected Health Information (ePHI). Integry systems only store data that is essential to deliver our core services. The data that we process and its purposes have been mentioned on this page. Integry has signed Business Associate Agreements (BAAs) with all services we consume to deliver our service to you. Lastly, please note that the data you store on our service is up to you, by using storage steps for example. You can design your workflow to minimize storage or add expiry on the stored data. Please request your Customer Success Manager for details or for a BAA contract.