Data Management and Security Practices

Overview

SupportLogic SaaS platform enables organizations to achieve customer success using the power of Machine Learning and Big Data analytics. It consists of three key elements: a lightweight data connector, data platform, and a web portal. All three elements are hosted in a secure cloud infrastructure. The lightweight data connector connects to your data sources such as your ticketing system of record or discussion forums using the authentication token that you provide us. All the data collection happens securely over SSL using REST APIs.


What data is collected?

  • Case details, notes, comments and discussions
  • Details of the customers who filed the tickets
  • Agent details
  • Product usage metrics

Data Flow Diagram

What about identifying information or sensitive data like usernames and passwords?

SupportLogic does not require login details or password to your ticketing system of record. However to use the SupportLogic application we require you to have an account created in our platform. We provide two options for account creation, you can create individual user accounts using your email address or sign-in with your existing slack credentials. If you use sign-in with slack functionality we collect your slack profile information.

Is data secured for streaming to SupportLogic?

Yes! All collected data is strongly encrypted using TLS 1.2 (and above) when streaming to SupportLogic.

Does SupportLogic make any changes to my ticketing system?

SupportLogic does not modify any of your existing data however it can optionally add new tags to your data sources and modify and delete the tags that it previously added.

How is data secured once it is received by SupportLogic?

Once collected, your data is securely stored in SupportLogic systems, and is retained and processed within a per customer virtual private cloud (VPC) (see Appendix B for the data flow diagram) Physical and network security are maintained in the datacenter to ensure only correctly authenticated access to your data and two factor authentication is enforced.

• Unused protocols are blocked with network firewalls and edge routers
• Internal firewalls are used to limit data to its respective application tier
• User and customer SupportLogic credentials are securely hashed (SHA-512) with a 192-bit random salt

​​All cloud services are managed through a secured global API gateway infrastructure. This API serving infrastructure is only accessible over encrypted SSL/TLS channels, and every request requires the inclusion of a time-limited authentication token generated via human login or private key based secrets through the authentication system described above.

How is the data stored at rest?

All the data that is stored in our cloud infrastructure is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Who has access to my data once it’s on the SupportLogic platform?

Only you − or someone you invite to your SupportLogic account − can see and run analytics against your data.

Is any of my data shared with anyone?

Only you can give access to your data by inviting new users to your account or by engaging a third party and explicitly providing access to your data. This access is read-only or to run analytics against the data − never to manipulate the data. You have the ability to grant or revoke visibility permissions and can remove access permission at any time. SupportLogic does not share individually-identifiable information with third parties without explicit direction from our users and customers. See Appendix C for our privacy policy

How long is the data stored?

SupportLogic uses the collected data for generating its machine learning models. Once the model is created the collected data is not needed, however SupportLogic may store the data to continuously improve its machine learning models.

Is data secured for streaming to SupportLogic?

Yes! All collected data is strongly encrypted using TLS 1.2 (and above) when streaming to SupportLogic.

What happens to the data after I delete my account or terminate my agreement with SupportLogic?

When your account is terminated SupportLogic tombstones all your data for eventual deletion. However at request your data will be deleted within 1 business day.

Can I delete specific case data from SupportLogic system?

Yes, please send a request to hello@supportlogic.io with the details of the support case. SupportLogic will delete the case data and send you a confirmation email within one business day.

Does SupportLogic use my data in any way other than for my own use?

Non individually-identifiable data may be queried by SupportLogic to provide system-wide analytics but it’s never shared with any third party.

Data Classification Matrix

Data TypeSensitivityAccessEncryption
Original ticketing dataConfidentialDesignated Support Logic employees only; 3rd-party sync serviceat rest and at transmission
Internal conversationsSensitiveDesignated Support Logic employees onlyat rest and at transmission
ML predictionsSensitiveDesignated Support Logic employees onlyat rest and at transmission
ML annotationsSensitiveDesignated Support Logic employees onlyat rest and at transmission
Product usage dataSensitiveDesignated Support Logic employees onlyat transmission