Sifflet App
Sifflet is a Full Data Stack Observability platform for all data stakeholders. Sifflet allows teams to get full visibility over data, metrics, metadata, and lineage to get ahead of data issues before they become business catastrophes.The Sifflet App for Slack posts notifications in public and private Slack channels when data quality issues are detected by Sifflet monitors.If you want to learn more about Sifflet's product and pricing model, reach out to contact@siffletdata.com
Permissions
Sifflet App will be able to view:
Sifflet App will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Sifflet
Company headquarters location
France
Terms of service
Privacy & data governance
Data retention policy
The following is an extract of Sifflet "Records Retention, Archiving, and Destruction Policy", "4. Retention Policy" section.
Retention is defined as the maintenance of records in a format that can be accessed by
an authorized user in the ordinary course of business.
A Record shall be considered active so long as Record is in use by a business unit or
division (“Function”) or referenced in an external document. Customer files shall be
retained for the duration of the contracts under which Sifflet is providing them with
services.
After active use has expired and according to appropriate exceptions, the Record shall
be archived in accordance with section 5 until the Record is destroyed in accordance
with the Record Retention Schedule in Appendix B.
For the purposes of enforcing retention in accordance with this policy each head of
Function (e.g., VP of Engineering) is responsible for the Records their Function creates,
uses, stores, processes, archives, and destroys.
Each head of Function shall be responsible for enforcing the retention, archiving, and
destruction of records in their respective Function, and for communicating these periods
to the relevant employees. Each employee shall have the responsibility of following and
implementing the policies as it relates to the Records they create, maintain or access.
Each employee shall be responsible for returning Records in their possession, custody
or control to the Company upon separation or retirement. The final disposition of such Records shall be determined by their immediate supervisor in accordance with this Policy.
Data archiving and removal policy
The following is an extract of Sifflet "Records Retention, Archiving, and Destruction Policy", "5. Destruction Policy" section.
Destruction is defined as physical or technical destruction sufficient to render the
information contained in the document irretrievable by ordinary commercially available
means.
The Administrator shall maintain and enforce a detailed list of approved destruction
methods appropriate for each type of Records archived, whether in physical storage
media such as CD-ROMs, DVDs, backup tapes, hard drives, mobile devices, portable
drives, or in database records or backup files, as well as the destruction or erasure of
electronic records. Paper Records shall be shredded so that confidential or personal
information cannot practicably be read or reconstructed.
Consumer reports or information derived from consumer reports shall be properly
disposed of in accordance with the Federal Trade Commission’s Disposal Rule.
Consumer reports include information obtained from a consumer reporting agency for
use in credit or employment decisions. Sifflet does not directly obtain consumer report
information in its regular course of business and in employment decisions; Sifflet utilizes
a third-party background check service that provides summary consumer report
information. Any consumer report information that Sifflet obtains on paper shall be
shredded so that personal information cannot practicably be read or reconstructed as
soon as practicable after its business use. Any consumer report information that Sifflet
obtains via electronic means shall be destroyed or erased so that the information cannot
practicably be read or reconstructed as soon as practicable after its business use.
The legal department may issue a litigation hold or investigation hold request, pursuant
to Sifflet’s Legal Hold Policy, to the Administrator that requires that Records relating to
potential or actual litigation, arbitration or other claims, demands, disputes, or regulatory
action be maintained and/or archived in accordance with instructions from the legal
counsel.
Each head of Function shall be responsible for enforcing the retention, archiving, and
destruction of records, and communicating these periods to the relevant employees.
Data storage policy
The following is an extract of Sifflet "Security and compliance" documentation page, available here https://docs.siffletdata.com/docs/security.
As a rule, Sifflet does not store any sensitive data.
Sifflet does not store any data from any client database. When Sifflet needs to display column values, one of these strategies is used:
- data is fetched on-demand and discarded immediately after being displayed
- data is normalised (actual values are replaced with normalised values, discarding the original and making it impossible to retrieve them) - this is used for instance in anomaly detection.
As a result, Sifflet does not store any PII (personal identifiable information).
Sifflet stores the credentials required to access datasources in a separate secrets manager, outside the main database. Access to any secret is logged. Per the previous section, a given Sifflet instance can only access the secrets associated to this instance.
Sifflet only requires read-only access to the monitored datasources. Granting any form of write access to Sifflet is highly discouraged.
You can revoke the permissions you granted to Sifflet at any time, in which case Sifflet no longer has access to any of your data.
Sifflet engineers don't access your datasources. Any access to a production environment is logged, and access to said production environment is only granted to engineers when required to investigate a production issue.
Application logs don't contain any sensitive data. Sifflet doesn't log any data from a datasource, nor any credential used to connect to the datasource. Application logs may contain metadata (as defined below, such as table and column names). They may contain queries against datasources, but not their results. Access to logs is restricted.
Data center location(s)
Ireland, United States, Singapore
Data hosting details
AWS
Data hosting company
AWS
App/service has sub-processors
no
Certifications & compliance
SOC attestation
ISO/IEC-27001 certification
GDPR commitment
Data deletion request procedure
Users can reach out to dpo@siffletdata.com to perform a data deletion request.
HIPAA compliant
yes
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2022-02-28
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Okta, Google, Azure AD, virtually all IdPs leveraging SAML2
Supports Security Assertion Markup Language (SAML)
yes
Has a dedicated security team
yes
Contact for security issues
security@siffletdata.com
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no