Data protection and security

Introduction

We are committed to protecting your privacy and ensuring the security of your personal data. This privacy information outlines how we handle customer data when you use Plumsail Documents.

Note

Visit the Plumsail Trust Center to learn about our security posture and request access to our security documentation.

Data Collection and Use

Customer data is used exclusively to create the requested documents. This data, which is inserted into templates, is stored in our system only for the time necessary to generate the document and make it accessible to the recipient. After that, the customer data and generated documents are deleted.

Data included in templates created by customers is stored to enable ongoing use and customization of the templates. These templates, along with the data within them, are stored until deleted by the customer or until the end of the contract with Plumsail.

Data Security

We employ robust security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. We enforce strict access control policies to limit access to personal data to authorized personnel only. Measures such as multifactor authentication and multiple authorization procedures are in place to prevent unauthorized third-party access. The data stored in our system is encrypted at rest. This means that the data is protected when it is stored on our servers, ensuring that even if unauthorized access were to occur, the information would be unreadable without the proper decryption keys. We use the Advanced Encryption Standard (AES-256), widely recognized as one of the most secure encryption algorithms available, to secure your data. Additionally, we take steps to ensure the confidentiality of your data and implement measures to protect against data loss, including regular backups and disaster recovery plans.

Data hosting options

To provide flexibility and assurance, we offer multiple data hosting options. Customers can choose to have their data hosted in one of the following regions: the US, the EU, or Australia.

Note

Find out more about the data center location.

Data Processing Agreement

As part of our commitment to data protection, we have incorporated a Data Processing Agreement (DPA) into our service agreement. The DPA outlines the specific terms and conditions regarding the processing of personal data. It ensures that all processing activities are compliant with applicable data protection laws. The DPA details the roles and responsibilities of both the data controller (you) and the data processor (us), the types of personal data processed, and the security measures implemented to protect your data. Where necessary, the DPA includes Standard Contractual Clauses (SCCs) for the transfer of personal data to third countries to ensure adequate protection in compliance with data protection laws. It also includes provisions on data retention, data subject rights, and the procedures for data breach notification.

Compliance and Certifications

Plumsail prioritizes data security and regulatory compliance. While we are not currently certified under frameworks such as SOC 2 Type 2, we adhere to industry best practices and comply with applicable data protection laws. SOC 2 Type 2 is on our roadmap, and we are actively working towards achieving this certification.

We provide a self-assessment VSA-Core document outlining our security commitments and data handling practices for customers requiring additional compliance assurances.

Contact Information

If you have any questions or concerns about our privacy practices or this Privacy Information, please contact us at support@plumsail.com.

Frequently asked questions

  1. What information do we collect, and when and how do we use it?

Plumsail Documents follows strict data retention policies to ensure that customer data is not stored longer than necessary. The retention periods for different data types are as follows:

  • Customer Data: Data used to generate documents is stored only for the duration of document processing. Once the document is created, the content data is immediately deleted from our servers.

  • Templates: Customer-created templates, which may contain personal data, are stored until deleted by the customer or until the contract with Plumsail ends.

  • Access logs: Access logs record information about who accessed what and when in the application. These logs are critical for security, compliance, auditing, and performance monitoring. We store them for 12 months.

  • User Account Data: Information associated with customer accounts, such as names and email addresses, is retained for the duration of the customer’s use of Plumsail Documents. Customers can request deletion of their accounts and associated data by contacting our support team. If a customer does not renew their subscription, we will delete their account and associated data after 90 days.

  2. How can I manage the privacy settings?

Plumsail provides users with tools to manage their privacy settings and control how their data is handled.

Customers can:

Additionally, customers using browser-based applications can control data storage preferences via browser settings, including local storage and caching controls.

  3. How do we protect your information?

As stated above, we store users’ account data and log files on our servers. Information about Documents sign-ups and log files is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology. All data transmitted between you and us is encrypted and sent using HTTPS.

  4. Is Plumsail Documents GDPR-compliant?

Plumsail prioritizes customer trust. We know that customer data is important to our customers’ values and operations. That is why we keep it private and safe.

Review the Data Processing Agreement. It describes how we process data you send to us. The Data Processing Agreement is a part of the Master Service Agreement.

  5. What are the data security best practices?

While Plumsail Documents employs strong security measures, customers also play a role in safeguarding their data. We recommend the following best practices:

  • Enable Multi-Factor Authentication (MFA).

  • Avoid using common or easily guessable passwords.

  • Restrict API key access.

  • If you need to share documents with support, remove or change sensitive information whenever possible.

  • Ensure that any integrations you enable do not expose sensitive data to unintended parties.