It’s All About Data Privacy
DeepHow believes that customer data is the most valuable asset that has been entrusted to us. We always want our customers to feel safe while creating their workflows in our application. Therefore, security is at the heart of all DeepHow operations.
While we do our best to limit data privacy and security risks using the measures described below, no internet-based technology can ever be 100% secure, and we encourage users to employ strong passwords and monitor accounts closely. You may always contact us with questions or concerns at the following email address: support@deephow.com.
DeepHow was built from the bottom up to meet the security and privacy needs of enterprise customers. DeepHow continually makes the security and privacy of data a key priority in all areas (from design, and development to production). Our developers and programmers are required to always use a formalized secure Software Development Life Cycle (SDLC) methodology framework.
DeepHow has implemented a range of measures designed to protect the Confidentiality, Integrity, and Availability of the data of our clients while providing value to the way we conduct business. Protection of Confidentiality, Integrity, and Availability are basic principles of information security and can be defined as:
● Confidentiality – Using controls designed to ensure that DeepHow customer information is accessible only to those entities that are authorized to have access, many times enforced by the classic “need-to-know” principle.
● Integrity – Striving to protect the accuracy and completeness of DeepHow customer information and the methods that are used to process and manage it.
● Availability – Implementing measures designed to keep DeepHow information assets (information, systems, facilities, networks, and computers) accessible and usable when needed by an authorized entity.
DeepHow has recognized that our business information is a key asset and as such, we consider our ability to manage, control, and protect this asset to be a significant component of our future success.
Our organization maintains policies designed to preserve the security and privacy of our data. Among others, we expect employees to adhere to the following principles and practices:
During employment, all staff using DeepHow information assets shall apply security measures following all relevant regulations, rules, policies, and procedures.
Steps we take to ensure employees embrace a security-conscious culture are:
Roles and Responsibilities: All staff members are properly briefed on their information security roles and responsibilities before being granted access to DeepHow information systems. Staff are provided sufficient guidelines outlining the Information security expectations for their role within DeepHow.
Training: A quarterly cybersecurity training is conducted to sensitize staff and to maintain a security culture in DeepHow.
Agreement: Employees are required to sign an NDA before finalizing their employment. Each employee is required to sign the statement of confidentiality and privacy before they are provided system access or start working with DeepHow.
Unique Authentication: Unique user IDs are required for DeepHow employees when accessing all systems that may contain customer data. Provision is also made to support the Identity Federation to allow Single-Sign-On (SSO) authentication.
DeepHow embraces and practices the culture of confidentiality. We have a Privacy Policy document to further express our devotion to securing your data.
DeepHow Corporation understands the need to keep customer-sensitive data safe and we are committed to protecting your privacy online. Our customers trust us with their sensitive data, therefore, we have an overview of how we interact, process, and store the data.
All customer data is isolated, and encrypted at rest and in transit. We have a SOC2 Type2 certification and several third-party vulnerability assessment tools. Our security policy shows details of our approach to security.
We require access to a list of your employee ID/Name, email address, and worksite. Video, photo, and voice data are also collected.
No. We need access to basic information to create a profile for your staff, all information required by us is categorized as public by most organizations.
We take measures to ensure we only collect relevant data; we understand that once we receive data it becomes our security responsibility. DeepHow does not intentionally collect payment card information, date of birth, staff phone number, staff address, age, or Government ID (SSN, DL number, etc.). In addition:
● We provide a format/structure of data you’ll share with us
● We review the data with your designated personnel to ensure excess information is removed if present
We collect your data:
● To communicate with you and other individuals
● To provide you with the application and the services
● To notify you about changes to the application or the services
● To audit and monitor the use of the application
● To improve the quality of the application and the services
● To manage complaints, feedback, and queries
● To carry out market research and analysis
● To carry out satisfaction surveys and analysis
● To provide you with information about the Services we offer (including details of any products that we believe may be of interest to you) following your preferences as indicated when you entered into any agreement with us, including any marketing consent preferences
● To comply with any legal or regulatory obligations (including in connection with a court order)
● To enforce or apply the agreements concerning you (including agreements between you and us)
We process your data in our cloud environment using our proprietary Stephanie AI technique. Both processed and unprocessed versions of your data are always encrypted and kept in our secured storage facilities in the cloud. The processed data are managed by your organizational administrator by assigning them to your employees as needed. We do not sell your data to any third-party organization. If at all needed, data sharing with sub-processors or partners is carried out consistent with all applicable laws, including for customer and data subject disclosures and consents.
All your data is isolated and encrypted at rest with AES-256 encryption. All outbound and inbound data transmissions are encrypted using TLS 1.2 or later. We provide a robust and enough capacity that ensures that access to non-privileged accounts, privileged accounts, and all local accounts shall be authenticated with passwords, personal identification numbers (PINs), tokens, biometrics, or in the case of multifactor authentication (MFA), and some combination thereof.
Customer data is logically separated in DeepHow. We provide token-based authentication for every authorized access in all our platforms. We do not mix customers' data.
DeepHow supports the following Single-Sign-On (SSO) authentication standards:
Our infrastructure and data are spread across GCP, MS Azure, and AWS zones to ensure our services will continue to be available even if one of those data centers fails. All of our servers are in our virtual private cloud (VPC) with network access control that prevents unauthorized access.
In all the stages of our SDLC, security is considered as part of the process and not an add-on.
In addition, we have SOC 2 Type 2 audit certification and conduct regular third-party vulnerability assessment and penetration testing to identify and mitigate potential vulnerabilities.
The product is accessed by users through browser, Windows, Android, iOS, and MacOS apps using a conventional username and password. The users can also use Single Sign-on (SSO). Access to your instance as a client is governed by roles and access rights configured by your designated “Organization Administrator”.
Backups (database and file) are triggered automatically daily at certain intervals without impacting the current state of the instances. All backups are stored securely using the appropriate API responsible for backups on each cloud platform. Our archive is stored on AWS on US-West-2.
Our clients maintain full ownership of their data created or uploaded in DeepHow.
DeepHow is compliant with Service Organization Controls (SOC) 2 Type 2. Our SOC 2 Type 2 report assures that DeepHow’s security program and control environments comply with Trust Service Criteria developed and maintained by AICPA. The report covers the controls implemented in DeepHow which include, access management, encryption, monitoring, vulnerability management, incident management, risk management, vendor management, human resource management, and more.
DeepHow’s SOC 2 Type 2 report is available on request (under NDA) to our existing and potential customers.
In our environments, we have been able to scan and generate compliance reports based on standard controls and checklist evaluations. These compliances that our system is subjected to include:
