AppOmni Inc Product Privacy Data Sheet

At AppOmni, we care about our customers’, employees’, and end-users’ privacy, and have implemented a series of processes, policies, and measures to comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and all other applicable privacy regulations. This Privacy Data Sheet describes the processing of personal data (or personally identifiable information) by AppOmni’s products services in the provision of such services to its enterprise customers.

When providing AppOmni’s services to customers, we are processing their personal data on behalf of such customers and are therefore acting as data processor. We have set up the following mechanisms, processes and policies, to comply with applicable privacy laws:

Overview of AppOmni SaaS Security Management Platform

The AppOmni SaaS Security Management platform enables companies to better secure their SaaS data, while decreasing the workloads of security and IT teams.

  • Delivers centralized visibility
  • Provides unmatched data access management
  • Offers security controls that integrate seamlessly into any SaaS environment

 

AppOmni has established detailed policies and procedures illustrating its data flows and processing practices and we document any decision-making reasoning relating to personal data. This includes:

  • Internal data protection policies, including details of:
    • Categories of processing carried out per controller
    • Applicable processing purposes
    • Data sharing and data retention practices
    • Security measures
  • Staff training
  • Annual internal audits of processing activities

 

The following paragraphs describe which personal data AppOmni processes to deliver its services, the location of that data and how it is secured in accordance with privacy principles, laws and regulations.

1 Personal Data Processing

AppOmni SaaS Security Management Platform

The table below lists the personal data used by AppOmni to carry out its services and describes why AppOmni processes such data.

Personal Data

Purpose of Processing

Customer Account Data (Customer contact info for product users)

Creating an account

– Data collected are for product enablement, product use notifications, training and support only

 

Customer Identification Information (Name and email address of Customer users within the Customer SaaS systems protected by AppOmni services)

Providing the service

– Data used to provide the services.

 

Customer Support Data

AppOmni may receive and process PII that is provided by an AppOmni customer when they make a support request to AppOmni (“Customer Support Data”). AppOmni only processes this data to assist the customer in resolving the issue and to improve AppOmni’s services and support function.

Outside of the necessary requester contact information, AppOmni does not intentionally collect or process PII via a customer support request. AppOmni instructs customers to provide the minimum amount of personal data necessary to adequately provide the support request. Nonetheless, a customer may provide unsolicited personal data in the request or supporting attachments.

Personal Data

Purpose of Processing

Customer Support Data

The below is representative though not exhaustive list of the information a customer may provide to AppOmni in a support request that may contain PII: name, email address, phone number of employee making request, information regarding support issue, software and/or hardware configuration files provided to enable support request, error-tracking files)

 

— Provide customer support

— Review and improve the quality of support service

— Improve AppOmni Services

 

Customer Support Case Attachment

The below is representative though not exhaustive list of the information a customer may provide to AppOmni in a support request that may contain PII: device configuration, command line interface (i.e. show commands), product identification numbers, host names, IP addresses, operating system (OS) feature sets, OS software version, browser type and version

— Provide customer support

— Review and improve the quality of support service

— Improve AppOmni Services

 

2 Cross Border Transfers

When a new customer purchases a subscription to AppOmni services, that customer’s Customer Account Data is always created, processed, and stored in North America.

AppOmni services are hosted on the Google Cloud Platform in the United States or Europe (at Customer’s discretion). For information regarding Google Cloud Platform compliance/certification please refer to documentation online at https://cloud.google.com/security/compliance.  Certifications and SOC reports are listed on this webpage.

For information regarding GDPR impacts to cross border data transfers, please see the section on GDPR.

3 Access Control

Personal Data

Who has Access

Purpose of Access

Customer Account Data

Customers

Granting and managing access to their own account.

Customer Account Data

AppOmni Employees – Licensing Operations, Engineering Operations and Support staff only

Creating an account and validating license entitlements and general product support and operations

Customer Identification Information

AppOmni Employees –Engineering Operations and Support staff only

Providing the services and general product support and operations

 

Customer Support Data

Customers

Submitting customer support requests

 

Customer Support Data

AppOmni Employees – Licensing Operations, Engineering Operations and Support staff only

 

Providing customer support

4 Data Retention

Customer Account Data –

Customer account data is retained for as long as customer is an active customer of AppOmni services. In the event that a customer terminates its subscription, AppOmni will retain such Customer Account Data for up to 90 days after termination after which AppOmni removes all stored contact information, including potential PII, from all instances of AppOmni’s product and customer relationship management platforms. AppOmni retains basic customer relationship management data information of a customer as necessary to ensure support of recurring issues and to comply with audit policies related to business records of services provided to customers.

Customer Identification Information

Customer Identification Information is retained for as long as customer is an active customer of AppOmni services. In the event that a customer terminates its subscription, AppOmni will retain such Customer Identification Information Data for up to 90 days after termination after which AppOmni removes all stored information, including potential PII, from all instances of AppOmni’s product platforms.

Customer Support Data – Customer Support Data is retained for as long as the customer is an active AppOmni Brand Protection customer. In the event a customer terminates their subscription, AppOmni will retain Customer Support Data until the customer requests in writing that AppOmni remove all Customer Support Data, including potential PII from AppOmni systems and third-party customer support platforms. AppOmni retains related support data as necessary to ensure support of recurring issues and to comply with audit policies related to business records of services provided to customers.

5 Personal Data Security

AppOmni has governance measures in place and has built its processing practices around the principles of data protection by design and by default. This includes data minimization, pseudonymization (where possible), allowing end-users to monitor the processing, and enhanced and up-to-date security features, such as encryption, confidentiality, integrity, resilience of processing systems, and ability to restore personal data in a timely manner in the event of an incident. AppOmni’s technical and organizational measures and risk mitigation plans are audited, tested, and re-evaluated on an annual basis to ensure the appropriateness of its systems, networks, and business practices on an ongoing basis. AppOmni has disaster recovery procedures set up to restore personal data in case of any security incident.

Personal Data

Type of Encryption

Customer contact info for product admins and users

Encrypted in transit and encrypted at rest.

Customer Identification Information

Encrypted in transit and encrypted at rest.

Customer Support Data

Encrypted in transit and encrypted at rest.

AppOmni will notify its customers without undue delay after learning of a data breach, if required by law, and has mechanisms by which it can detect and report data breaches.

6 Third-Party Service Providers

AppOmni’s agreements with its sub-processors reflect the obligations and commitments it has and makes to its customers. AppOmni conducts prior due diligence on sub-processors before contracting with them.

The below table lists AppOmni’s third party sub-processors that may process Customer personal information.

Subprocessor

Potential Customer Data Access

Processing Activity

Data Location

Security/Privacy Program Link

Google Cloud Platform

Any Customer Data provided to AppOmni

Data Center for all Services

U.S. or EU

https://cloud.google.com/security/compliance

 

Pendo

Customer email addresses

Product Usage and Feedback

U.S. or EU

https://www.pendo.io/data-privacy-security/

Mailgun

Customer email addresses

Customer can configure AppOmni policy scans to be sent to predefined customer email addresses.

U.S. or EU

https://www.mailgun.com/privacy-policy/

Tray.io

Customer system usernames

Customer can configure AppOmni policy scans to be shared with third party integrations (e.g. MS Teams, Jira, and Slack)

U.S.

https://tray.io/products/why-tray/trust

Salesforce

Customer contact information

Sales Account Records

U.S.

https://trust.salesforce.com/en/

ZenDesk

Customer contact information

Support Tickets

U.S.

https://www.zendesk.com/company/privacy-and-data-protection/

7 GDPR (General Data Protection Regulation)

AppOmni’s relationship with controllers

 

In providing the AppOmni services, AppOmni only processes personal data upon the documented instructions of its customers. To that end, AppOmni has template data processing agreements ready for use with its customers, which include the following provisions:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Type of personal data and category of data subject in question
  • Obligations and rights of our customers (as data controllers).

 

AppOmni imposes confidentiality obligations on its authorized personnel who process the personal data. AppOmni has implemented measures to assist its customers in complying with data subjects’ rights and requests.

Data Transfers to countries outside the EEA

We share data both with our affiliated companies within the AppOmni group and certain external third parties who are based outside the European Economic Area (“EEA”). Any such processing will involve an export of data outside of the EEA. We endeavor to ensure that people to whom we provide personal data hold it subject to appropriate safeguards and controls. Whenever we transfer our customers’ employees’ personal data out of the EEA to countries that have not been deemed to provide an adequate level of protection for personal data by the European Commission, we ensure a similar degree of protection is afforded to it by implementing the following safeguards:

 

For example, our cloud storage provider is Google Cloud Platform and we have entered into GDPR-compliant data processing terms, which incorporate by reference Model Contractual Clauses.

Based on AppOmni’s understanding of GDPR, in consultation with other large, multinational organizations doing business in the EU, data containing personal data as defined by GDPR, including email addresses of individuals, may lawfully be transferred and reside outside the EEA for the purposes of processing such data to legitimately protect their organizations from cyberattacks.

It is AppOmni’s belief and assumption that it meets all current applicable data protection requirements as laid out by the GDPR for the purposes of cross border transfers of personal data.

For further information on AppOmni’s data protection practices, please contact privacy@appomni.com.