Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- tenant, outsourced infrastructure providers. We do not own or maintain hardware located at the outsourced infrastructure providers’ data centers. Production servers and client-facing applications are logically and physically secured from our internal corporate information systems. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.
Preventing Unauthorized Product Access. Outsourced processing: We host our Service with outsourced cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi- tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: We implement a uniform password policy for our customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer Data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.
Preventing Unauthorized Product Access. Third party data hosting and processing: We host our Service with third party cloud infrastructure providers. Additionally, we maintain contractual relationships with vendors in order to provide the Service in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: We host our product infrastructure with multi-tenant, outsourced infrastructure providers. Their physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: Customers who interact with the products via the user interface are required to authenticate before they are able to access their non-public data. We support two-factor authentication and highly recommend that each customer enable two-factor authentication on their Zapier account. Zapier also supports Single-Sign On for Team and Company accounts. Authorization: User Content (data originated by customers that a customer transmits through Zapier online service) is stored in multi-tenant storage systems which are only accessible to Customers via application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of our products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through OAuth authorization. Authorization credentials are stored encrypted.
Preventing Unauthorized Product Access. Outsourced processing: Keeper Security hosts its Service with outsourced, US-based data center providers. Additionally, Keeper Security maintains contractual relationships with vendors in order to provide the Service. Keeper Security relies on contractual agreements, privacy policies, and vendor compliance programs in order to assure the protection of data processed or stored by these vendors. Physical and environmental security: Keeper Security hosts its product infrastructure with multi-tenant, outsourced data center providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: Keeper Security implemented a uniform password policy for its customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of Keeper Security’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.
Preventing Unauthorized Product Access. Authentication: Customers or customer affiliates who interact with the Service via the user interface must authenticate to proceed. Authorization: Customer Data can be accessed by any individual authorized by the Customer and having the required authentication details.
Preventing Unauthorized Product Access. Outsourced processing: If we are hosting the Services, they are hosted with outsourced infrastructure providers. Additionally, we maintain contractual relationships with vendors to provide our Services in accordance with our DPA. We rely on contractual agreements, privacy policies, and vendor compliance programs to protect data processed or stored by these vendors.
Preventing Unauthorized Product Access. Outsourced processing: Blogman DMCC hosts its Services with third party service providers. Additionally, Blogman DMCC maintains contractual relationships with service providers in order to provide the Service in accordance with our Data Processing Agreement. Blogman DMCC relies on contractual agreements, privacy policies, and service providers compliance programs in order to protect data processed or stored by these service providers. Physical and environmental security: Blogman DMCC hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: Blogman DMCC implemented a uniform password policy for its Service. Users who interact with the Service must authenticate before accessing non-public data. Authorization: Client data is stored in multi-tenant storage systems accessible to users via only application user interfaces and application programming interfaces. Users are not allowed direct access to the underlying application infrastructure. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.
Preventing Unauthorized Product Access. Outsourced processing: Lightspeed hosts its services on third party Hosting infrastructure in form of data centers and Infrastructure-as- a-Service (IaaS). Additionally, Lightspeed maintains contractual relationships with vendors in order to provide the service in accordance with our DPA. Lightspeed relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors.
Preventing Unauthorized Product Access. Outsourced processing: SyncForce hosts its Service with outsourced cloud infrastructure providers. Additionally, SyncForce maintains contractual relationships with vendors in order to provide the Service in accordance with our Data Processing Agreement. SyncForce relies on contractual agreements, privacy policies, and vendor compliance programs in order to protect data processed or stored by these vendors. Physical and environmental security: SyncForce hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC 2 Type II and ISO 27001 compliance, among other certifications. Authentication: SyncForce implemented a uniform password policy for its customer products. Customers who interact with the products via the user interface must authenticate before accessing non-public customer data. Authorization: Customer data is stored in multi-tenant storage systems accessible to Customers via only application user interfaces and application programming interfaces. Customers are not allowed direct access to the underlying application infrastructure. The authorization model in each of SyncForce’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against the attributes associated with each data set. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oauth authorization.
Preventing Unauthorized Product Access. A. Outsourced processing: OpsRamp hosts its Service in a colocation and outsourced cloud infrastructure providers. OpsRamp maintains contractual relationships with vendors and, if applicable, Sub-processors in order to provide the Service in accordance with our DPA.
B. OpsRamp relies on contractual agreements, privacy policies, and vendor compliance programs to protect data processed or stored by these vendors.
C. Physical and environmental security: OpsRamp hosts its product infrastructure with multi-tenant, outsourced infrastructure providers. The physical and environmental security controls are audited for SOC1, SOC2 Type II and ISO 27001 compliance, among other certifications.
D. Authentication: OpsRamp implemented a unified password policy for its Platform.
E. Partner who interact with the platform via the user interface must authenticate before accessing their data. OpsRamp also has a provision for integrating with various single sign on tools or use OpsRamp’s two-factor authentication mechanisms.
F. Authorization: Partner data is stored in multi-tenant storage systems accessible to Partner via only application user interfaces and application programming interfaces. Partner are not allowed direct access to the underlying application infrastructure. The authorization model in each of OpsRamp’s products is designed to ensure that only the appropriately assigned individuals can access relevant features, views, and customization options. Authorization to data sets is performed through validating the user’s permissions against role-based access policies defined by the Partner.
G. Application Programming Interface (API) access: Public product APIs may be accessed using an API key or through Oath authorization.
