The security and privacy of your data is extremely important to us and we are very careful with it. This page summarizes what customer data we collect, why we collect it, what we do and don’t do with it, and how we store it. Please also see our Privacy Policy, Microsoft Publisher Attestation (self-assessment), Content Uploading and Content Transfer Method, and Technical Architecture.
AnalysisPlace Customer Data Security Policy
Our objective is to collect a minimum amount of customer data, to strongly secure that data, and to tightly restrict access to that data.
Minimal Access to Customer Data
- Only select employees have access to customer data. Currently, only the owners have access to the servers that contain customer data. However, in the future, it may be necessary to have one or more other people access the data. Anyone who has access to customer data will be covered by confidentiality agreements. They must agree to abide by our security policy.
- Developers/subcontractors only access development servers. Development servers do not contain customer data.
Encryption
- Encrypted in transit - All customer data is always transmitted using encryption (SSL/TLS)
- Encrypted at rest – All customer data is stored using encryption, whether it is stored in our Azure SQL database, Azure file (blob) storage, or on our Azure App Service servers.
Customer Data security
- “Content data” is only stored on the server temporarily to allow transfer from the source document (Excel) to the destination document (Word or PowerPoint).
- “Usage data” and “customer templates” are stored on the server and may be deleted periodically (when the account becomes inactive)
- We will never share Customer Data with 3rd parties without written customer consent
- We do not collect or store credit card or other payment information. We use established 3rd party vendors, such as PayPal, Stripe, and Microsoft to process credit card and other payment data.
- We do not (and cannot) view, collect or store user credentials (passwords). This is managed by authentication providers, such as Microsoft.
User Account Data Retention
- We may delete accounts that have been inactive for more than two years and where the user has never engaged in any meaningful activity.
Customer Reference Listing
- We may list your customer organization name and logo on our website as a Customer Reference. It will not contain other information without your permission.
Emails
- We will never sell or share customer lists (e.g. containing email addresses or any other personally identifiable information) with third parties without your explicit permission
- We may transfer customer emails to an established newsletter management system, such as MailChimp. Any such third parties will be covered by strict confidentiality and security agreements.
- We may send system messages (account-related email messages that are triggered by your site activity, such as welcome emails, notifications, and reminders), occasional legal messages, and occasional informational newsletters to users.
User Access Control
- AnalysisPlace registration is automatically verified via e-mail before add-in access is granted.
- AnalysisPlace cannot see or access customer passwords and AnalysisPlace does not store passwords. Passwords are managed by authentication providers (Microsoft).
- The system was designed so a user cannot have access to another user's data/files (unless the user shares their credentials with another user; which is not allowed in our terms of use).
- Business customers: Administrators can view individual user usage statistics
Backup data
- AnalysisPlace website/database website hosting provider (Microsoft Azure) automatically backup data, typically on a daily basis.
- AnalysisPlace also periodically backs up website and some database data and downloads the data and saves the data in an encrypted format on a physically secured hard drive and/or optical media. These backups do not contain customer “content data” or "cloud report" files.