Data protection policy

Last updated: June 10, 2024.

At Strive Software, Inc., we understand that the security of your data is of paramount importance. We are committed to implementing and maintaining robust security measures to ensure the confidentiality, integrity, and availability of your private customer data. Our founders bring extensive experience in designing, implementing, and maintaining large-scale secure systems, including a secure telephone call recording system for a major service provider.

1. Data Encryption

  • Data at Rest: All customer data stored in our systems is encrypted using advanced encryption standards. We utilize Google Cloud’s encryption mechanisms to ensure data is protected against unauthorized access.
  • Data in Transit: We employ Transport Layer Security (TLS) to encrypt data as it moves between our servers and your devices. This ensures that data is secure from interception during transmission.

2. Access Control

  • Two-Factor Authentication (2FA): We enforce 2FA for all administrative access to our systems, providing an additional layer of security to prevent unauthorized access.
  • Role-Based Access Control (RBAC): Access to customer data is restricted based on roles and responsibilities within our organization. Only authorized personnel with a legitimate need to access the data can do so.

3. Data Handling and Storage

  • Secure Storage on Google Cloud: We leverage Google Cloud's infrastructure to store and manage customer data securely. Google Cloud provides robust security features, including encryption at rest and in transit, multi-factor authentication, and comprehensive audit logging.
    • Encryption: All data is encrypted at rest using AES-256, one of the strongest block ciphers available. This ensures that data remains secure even if physical storage devices are compromised.
    • Access Controls: Google Cloud's Identity and Access Management (IAM) allows us to enforce fine-grained access policies, ensuring that only authorized personnel have access to sensitive data.
    • Audit Logging: Comprehensive audit logs are maintained to track access and modifications to data, providing full visibility into data handling activities.
    • Regular Security Assessments: Regular security assessments and penetration testing are conducted to identify and mitigate potential vulnerabilities in our systems.
  • Compliance Benefits: By utilizing Google Cloud, we benefit from their compliance with various industry standards and certifications, including:
    • SOC 2: Google Cloud's SOC 2 certification ensures that our data handling practices meet strict criteria for security, availability, processing integrity, confidentiality, and privacy.
    • ISO 27001: Google Cloud’s ISO 27001 certification demonstrates a robust information security management system (ISMS), ensuring that our data is managed with the highest standards of security controls.
    • PCI DSS: For customers in the payment card industry, Google Cloud's PCI DSS compliance ensures that we meet stringent requirements for storing, processing, and transmitting cardholder data.
    • HIPAA: Google Cloud's HIPAA compliance ensures that we can securely handle protected health information (PHI) for our customers in the healthcare industry.

  • Data Minimization: We collect and store only the data necessary for providing our services, minimizing the exposure of sensitive information.
  • Data Retention: Customer data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

4. Security Monitoring and Incident Response

  • Continuous Monitoring: We continuously monitor our systems for potential security threats and vulnerabilities. Our security team responds promptly to any identified issues.
  • Incident Response Plan: In the event of a security incident, we have a comprehensive incident response plan in place to mitigate any potential impact and to notify affected customers in a timely manner.

5. AI Model Usage and Data Privacy

  • External AI Models: Customers can choose to use external models such as OpenAI. We ensure that any data shared with these models is protected through secure APIs and complies with our data privacy policies.
  • Internal AI Models: Alternatively, customers can opt to use our internal AI models, which operate within our secure environment, providing an added layer of data security.

6. Compliance and Best Practices

  • Industry Best Practices: We adhere to best practices and guidelines set forth by leading security frameworks and standards. Our security measures are aligned with industry standards to ensure the highest level of data protection.
  • Continuous Improvement: We are committed to continually improving our security posture and staying abreast of emerging security threats and technologies.

Conclusion

At Strive Software, Inc., we take the security of your data seriously. Our comprehensive data security measures are designed to protect your data from unauthorized access, ensure its integrity, and maintain its availability. We are committed to maintaining your trust by safeguarding your data with the highest level of security standards and best practices.

For any questions or further information about our data security policies, please contact Constantin Chifor at constantin (at) strive (dot) us.