AnalysisPlace Customer Data Security Policy
Our objective is to collect a minimum amount of customer data, to strongly secure that data, and to tightly restrict access to that data.
Minimal Access to Customer Data
- Only select employees have access to customer data. Currently, only the owners have access to the servers that contain customer data. However, in the future, it may be necessary to have one or more other people access the database. Anyone who has access to customer data will be covered by confidentiality agreements. They must agree to abide by our security policy.
- Developers/subcontractors only access development servers. Development servers do not contain customer data.
- All customer data is always transmitted using encryption (SSL/TLS).
Customer Data Security
- “Content data” is only stored on the server temporarily to allow transfer from the source document (Excel) to the destination document (Word or PowerPoint).
- “Usage data” and “customer templates” are stored on the server and may be deleted periodically (when the account becomes inactive).
- We will never share Customer Data with 3rd parties without written customer consent.
- We do not collect or store credit card information. We use 3rd party vendors, such as PayPal, to process credit card data.
User Account Data Retention
- We may delete accounts that have been inactive for more than two years and where the user has never engaged in any meaningful activity.
Customer Reference Listing
- We may list your customer organization name and logo on our website as a Customer Reference. It will not contain other information without your permission.
- We will never sell or share customer lists (e.g. containing email addresses or any other personally identifiable information) with third parties without your explicit permission.
- We may transfer customer emails to a newsletter management system, such as MailChimp.
- We will send system messages (account-related email messages that are triggered by your site activity, such as welcome emails, notifications, and reminders), occasional legal messages, and occasional informational newsletters to registered users.
User Access Control
- AnalysisPlace.com registration is automatically verified via e-mail before add-in access is granted.
- Passwords are not stored on the client (only an authentication token is).
- Business customers:
  - Administrators will receive a monthly list of users who have access.
  - Users must sign in using e-mail and password before accessing customer data (e.g. report templates) and other business features.
- The AnalysisPlace website and database hosting providers (Managed.com and Microsoft Azure) automatically back up data, typically on a daily basis.
- AnalysisPlace also periodically backs up website data and some database data, downloads it, and saves it in an encrypted format on a physically secured hard drive and/or optical media. These backups do not contain customer “content data” or “cloud report” files.
There are 2 databases that store Customer data: “Account Data” and “Add-In Data”.
“Account Data” only includes what each user enters when they register at AnalysisPlace.com (email, password, first name, last name, and company name).
The user password is stored only in this one database, in a standard encrypted (salted hash) format, and is never stored elsewhere. A temporary Authentication Token is stored on the client (similar to a cookie) to avoid requiring frequent sign-ins.
Account data may be deleted after 2 years of inactivity.
The following types of data are stored on the “AnalysisPlace API” server (hosted by Microsoft Azure):
- “Usage data” – this is logged data (such as count of updates, size of each update, file name, user operating system version data, and logged errors). This is collected for quality purposes and to assess usage by user and by company. Usage data may also be used to determine customer costs (depending on subscription type). This data may be retained until AnalysisPlace determines the account to be inactive.
- “Content Data” - This is the data in the Excel named ranges and base64-encoded chart data that is transferred to Word and/or PowerPoint when you click “Submit Content”. For Windows Word Add-in updates, your data is submitted as a “Direct Transfer” and stored on your device. When using a Mac or performing operations that require uploading of content/documents, “Cloud Transfer” is used, where the data is temporarily stored on our server when it is “Submitted” from Excel. Data from each subsequent “Submit” overwrites data from the prior “Submit”. Other users cannot access your “Content Data”. This data is automatically deleted from the server every day. It is not retained beyond 48 hours. It may be viewed by authorized AnalysisPlace employees for troubleshooting or support purposes only. AnalysisPlace does not back up this data and it is never transferred to or shared with 3rd parties. For more information see Content Transfer Method: Direct versus Cloud.
- “Cloud Report” files - these are created when any user updates a PowerPoint document, or clicks “Upload Document” (for large document updates), or creates a Business cloud report (from a template). When the server creates/updates the document, the document is temporarily stored on the server (as a file) so the user can then download it. These files are automatically deleted from the server every day. They are not retained beyond 48 hours. They may be viewed by authorized AnalysisPlace employees for troubleshooting or support purposes only. AnalysisPlace does not back up these files and they are never transferred to or shared with 3rd parties.
- “Cloud Templates” (Business version or the APIs) - for cloud reports/APIs, the templates that you upload are stored on the server. These files are retained until you delete them or the agreement is terminated.