Data retention policy
from Data Retention in https://help.sharpspring.com/hc/en-us/articles/360001058691-How-the-GDPR-Impacts-SharpSpring-and-You#h_301473341431522444219419
Data Retention
The backup policy at SharpSpring requires full backups of customer data daily, with incremental backups being performed each hour. SharpSpring’s data retention period for backups of customer data is seven days. SharpSpring replicates these backups to an off-site location in compliance with its own disaster recovery policy. SharpSpring cares about its customers' data and has put high availability (HA) mechanisms in place to reduce the need for recovery. SharpSpring makes a best-effort attempt to retain customer data. However, SharpSpring does not provide any direct guarantee against loss of customer data.
SharpSpring's backup procedures follow the basic rules of the CIA triad: confidentiality, integrity and availability. Backups are verified for integrity, encrypted, securely transferred, and stored at both on-site and off-site locations. These backups are then verified through reanimation testing.
SharpSpring utilizes open source technologies, such as Zabbix and OpenVAS, to monitor the availability of its services, obtain web application performance metrics, and perform regular vulnerability scans against its critical infrastructure. SharpSpring also reinforces these processes by regularly performing penetration tests against its own architecture. SharpSpring’s monitoring and associated alerting processes are regularly tested to ensure that SharpSpring Network Operations Center (NOC) staff is notified immediately upon the occurrence of any operations anomaly or service interruption.
and
13. Data Retention. in https://sharpspring.com/legal/privacy
Data Retention.
We will retain personal data we collect from you where we have justifiable business need to do so, and/or for as long as it is needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law, such as for tax, legal, or accounting purposes.
You can request deletion of your personal data at any time, and we will consider your request in accordance with applicable laws.
When we have no justifiable business need to process your personal data, we will either delete it or anonymize it, or, if this is not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.
and our internal policy:
shsp-pol-009-data-protection Data Protection Policy
Created by Skyler Slade
Last updated Nov 03, 2020 by Jean Hamman
Policy inventory-control-number: shsp-pol-009-data-protection
Policy Authority: Skyler Slade
Policy Owners / Approver: Skyler Slade, Nate Geouge, Jean Hamman
Released: 2018-05-29
Version: 2
Reviewed: 2020-08-2020
Ticket: PL-40 - shsp-pol-009-data-protection Data Protection Policy
Purpose
Scope
Policy
Administration
Suspension of Record Disposal in Event of Litigation or Claims
Applicability
Databases
General Principles
Classifications
High Availability of Relational Databases
High Availability of Non-Relational Databases
Logs
Customer Data
Deletion of Data by a Customer
Appendix A
1. Databases
Tier 1
Tier 2, Tier 3
2. Logs
3. Email Events
4. Customer Data
Purpose
The purpose of this Policy is to ensure that SharpSpring’s data, and the data of its Customers entrusted to it, are adequately protected and maintained and to ensure that data that is no longer needed or that is of no value is discarded at the proper time. This Policy is also for the purpose of aiding employees of SharpSpring in understanding their obligations in retaining certain kinds of data.
Backups serve multiple purposes: to allow SharpSpring to recover data and restore service in the event of catastrophic hardware failure; to recover data in the event of accidental deletion; to allow for
Data archiving and removal policy
Customer Data
When the relationship between SharpSpring and a Customer ends, data belonging to the Customer becomes subject to a retention period, after which the Customer’s data is deleted, or otherwise anonymized, such that it no longer contains any proprietary Customer information.
Deletion of Data by a Customer
When a Customer deletes data in their SharpSpring account, in most cases, the data is deleted immediately. This behavior is referred to as a “hard” delete, which is in contrast to a “soft” delete, in which the data continues to exist but is simply marked as unavailable.
When a Customer deletes a contact in their SharpSpring account, this is performed as a hard delete, and the data is removed immediately.
Document Disposal
Routine Disposal Schedule
Records which may be routinely destroyed unless subject to an on-going legal or regulatory inquiry are as follows:
Announcements and notices of day-to-day meetings and other events including acceptances and apologies;
Requests for ordinary information such as travel directions;
Reservations for internal meetings without charges / external costs;
Transmission documents such as letters, fax cover sheets, e-mail messages, routing slips, compliments slips and similar items that accompany documents but do not add any value;
Message slips;
Superseded address lists, distribution lists, etc.;
Duplicate documents such as CC and FYI copies, unaltered drafts, snapshot printouts or extracts from databases and day files;
Stock in-house publications which are obsolete or superseded; and
Trade magazines, vendor catalogues, flyers and newsletters from vendors or other external organizations.
In all cases, disposal is subject to any disclosure requirements which may exist in the context of litigation.
Destruction Levels & Method
Level I documents are those that contain information that is of the highest security and confidentiality and those that include any personal data. These documents shall be disposed of as confidential waste (cross-cut shredded and incinerated) and shall be subject to secure electronic deletion. Disposal of the documents should include proof of destruction.
Level II documents are proprietary documents that contain confidential information such as parties’ names, signatures and addresses, or which could be used by third parties to commit fraud, but which do not contain any personal data. The documents should be cross-cut shredded and then placed into locked rubbish bins for collection by an approved disposal firm, and electronic documents will be subject to secure electronic deletion.
Level III documents are those that do not contain any confidential information or personal data and are published Company documents. These should be strip-shredded or disposed of through a recycling company and include, among other things, advertisements, catalogues, flyers, and newsletters. These may be disposed of without an audit trail.
Managing Records Kept on the Basis of this Document
Record name | Storage location | Person responsible for storage | Controls for record protection | Retention time
Data storage policy
SharpSpring stores customer data in accordance with GDPR requirements as set forth in the SharpSpring Data Protection policies.
Data center location(s)
United States
Data hosting details
Cloud Hosted
Data hosting company
GCP & AWS
App/service has sub-processors
yes
Guidelines for sub-processors