ImmiDB - Data Privacy & Security
Who has access
Only the users to which your organization via your administrators have granted access and authorized ImmiDB Sys Admins have access to your data.
"Your data is your data": it will never be shared in any form - electronically, verbally, or otherwise - with anyone without your organization's express consent.
Third Party Services including Google and Microsoft
ImmiDB integrates Third Party services like Google and Microsoft for email and calendars. Your organization chooses which of these services to integrate.
-
What information does ImmiDB Collect from these Third Party Services?
Login information including login tokens may be stored and are stored encrypted. This is only used for ease of use as you log into ImmiDB for automatic login into those services.
If your organization has enabled Automatic Note Append on Email Reply (Client notes automatically appended in ImmiDB if replying to a Note/Email sent from ImmiDB), then the email will be captured and stored in ImmiDB with the other Notes for that person/client - and can be viewed in the ImmiDB Notes list like all Notes.
No other data about you or from those services is captured or stored. When you view email or calendar information, the data is being pulled live from those services and not stored in ImmiDB.
-
Who is this information shared with? No one. Only users that your organization has authorized and authorized ImmiDB Sys Admins have access to this data. "Your data is your data" and it will never be shared without your explicit consent.
Security
Ensuring the safety and security of your and your data is a priority and constant concern. However, like all information provided via the internet there are no guarantees.
Our approach is to restrict access to two points:
- ImmiDB application. This is how you, the user, access the data. Your orgnization's adminstrators have control over user access and how this is locked down, including 2-factor authentication and IP whitelisting.
- Server login. ImmiDB servers reside in a virtual private network that can only be accessed via a private web gateway and is restricted to ImmiDB Sys Admin IP addresses.
The data is encrypted at rest and in transit (between the servers and browser). Passwords and other especially sensitive data have an extra layer of encryption. You can identify these fields as they are not displayed in the browser until that field is clicked.
Sys Admin Access
The Sys Admin can and will access data for system administration and infrastructure requirements. This would include admin setup, logs and information to understand usage (the amount of space used, hits, etc). Sys Admin access is restricted to specific ImmiDB invidual(s) for your organization.
Your organization can choose to always be informed when an ImmiDB Sys Admin accesses your organization's data at the time that they access it. This is true of however the data is accessed; whether through the application or server. If there is a production issue that immediately affects the usability of your database, we assume permission to access whatever data is needed to fix the issue as quickly as possible while keeping you informed during and after the issue. Also, your organization's adminstrator(s) can request Sys Admin access logs.
Data Export / Data Change Logs
We can manually export and provide your organization's data to your organization's administrator(s) upon request.
Almost all data changed via the application front end is logged with date and user. These change logs can be provided manually to your organization's administrators upon request.
Data Backups
Your organization's data is backed up nightly. Those backups are available for at least one month. These backups are intended for full database recovery in the event of a significant unplanned event.
Application Updates
Application updates typically occur every one to four weeks. These updates are normally done after normal business hours; ie, evenings and weekends. It's common that these application updates require data updates / conversions and Sys Admin login to verify the updates. We will inform your organization's administrator(s) after updates are completed unless they request being informed prior to each update.