Technical & Organizational Terms
Effective: October 01, 2018
Updated: June 21, 2019
We take the security of your data very seriously at HCG Partners GmbH. We aim to be as clear and open as we can about the way we handle security.
If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.
We place strict controls over our employees’ access to the data our users make available via the QuickMail.io services, as more specifically defined in our Terms and Conditions & Privacy covering the use of the QuickMail.io services. We are committed to ensuring that Customer Data is not seen by anyone who should not have access to it. The operation of the QuickMail.io services requires that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem with the QuickMail.io services, we may need to access Customer Data. A limited number of developers have access to production data to monitor, diagnose and debug problems. We have technical controls to ensure that any access to Customer Data is logged.
Our list of subcontractors is as follows:
Stripe (for credit card processing)
Helpscout (for support communication)
Hatchbuck (for marketing communications)
We’ll communicate with those services you already use (depending on the inbox you give us access to: G Suite, Microsoft Outlook or other email systems)
Security Features for Team Members & Administrators
In addition to the work we do at the infrastructure level, we provide Account Administrators (as determined by permissions in the application) the ability to prevent support from accessing their data, and to automatically dispose of old data in their accounts (data retention policy).
Detailed access logs are available both to users and administrators. We log every time an account signs in or performs an action on our system.
Team Administrators and owners can review consolidated access logs for their whole team (on request to support). We also allow administrators to remove team members’ permissions with immediate effect.
We rely on 4 single-sign-on providers: Google, Outlook, Facebook and LinkedIn. Two-factor Authentication can be activated for some of them. We will communicate with those services to authenticate access.
We don’t provide another way of signing in to the system.
Owners of accounts can configure custom prospect retention policies on a team-wide basis. Setting a custom duration for retention means that prospects who have not been modified for a certain amount of time (specified in days by the team administrator(s)) will get deleted automatically (we also provide the ability to prevent re-adding of those prospects who were deleted). Deletion happens on a nightly basis.
Deletion of Customer Data & Return of Customer Data
Data Encryption In Transit and At Rest
All communication between server and clients is encrypted using SSL.
We further encrypt all database fields that can be a source of an exploit if stolen (such as SMTP passwords or sending tokens from using Gmail or Outlook).
Our infrastructure relies on our hosts (Heroku & AWS) to provide fault-tolerant systems. New releases may temporarily prevent users from accessing data.
Customer Data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures, which allow recovery from a major disaster. Customer Data is automatically backed up nightly. Backups are regularly fully tested to confirm that our processes and tools work as expected.
Users who can modify production data have screen lockouts and full disk encryption.
We maintain an extensive, centralized logging environment in our production environment, which contains information pertaining to security, monitoring, availability, access, and other metrics about the QuickMail.io services.
Incident Management & Response
In the event of a security breach, QuickMail.io will promptly notify affected users of any unauthorized access to your Customer Data. QuickMail.io has incident management policies and procedures in place to handle such an event.
Product Security Practices
New features, functionality, and design changes go through a security review process prior to being released in production.