Datasert Privacy Policy
This Privacy Policy explains how Datasert ("Datasert", "we", "us", "our") collects, uses, shares, and protects information when you use our products and services, as well as our websites and support channels.
Related Documents. This Privacy Policy works together with our Terms of Service and Data Processing Addendum (DPA). To the extent Customer Data includes Personal Data processed by Datasert on behalf of Customer, the DPA applies and is incorporated by reference.
Scope & Products
This policy applies to Datasert's products and services, including Brobench (a desktop app) and Realtask/Realsync/Metasync (online apps), along with related websites, documentation, and support channels that reference this policy.
Desktop Products (Brobench/Realfire). Desktop Products are applications that run on your device. Data created or stored by these apps may remain on your device unless you enable features that send data to external services (for example, Google Sheets or Office 365 Sheets). Desktop Products are Brobench and Realfire.
Online Products (Realtask/Realsync/Metasync). These apps are hosted services that run in AWS Cloud. To provide the service, we process and store certain information in our systems, including account information, service data, and optional third-party connection data (such as Salesforce) that you explicitly authorize.
Web Sites. Web Sites where Datasert hosts web pages to share information and provide support. Web Sites are https://www.datasert.com, https://help.datasert.com and https://freshdesk.com/datasert
Definitions
"Personal Data" means information that identifies or relates to an identifiable natural person.
"Customer Data" means data and information submitted, uploaded, or made available by Customer or Authorized Users through the Services.
"Data Subject" means the natural person to whom Personal Data relates.
"Services" means Datasert's products and services, including desktop applications (Brobench, Realfire) and online applications (Realtask, Realsync, Metasync).
"Authorized Users" means individuals authorized by Customer to use the Services under Customer's account.
Summary
Here is high-level, informational only, non-binding summary and important aspects of this policy. Read through full document to understand full scope of the policy.
- We do not sell, rent or loan any personal data to any third party
- The information you provide in Datasert products is not used for third-party advertising
- We follow industry best practices for all processes, including our development, deployment, hosting, data persistence and data access
- All data transmitted/stored by Datasert is encrypted in transit and at rest using industry best practices.
- Desktop Products never sends your Salesforce Data outside of your local computer, except when you export to Google Sheet or Office 365 Sheets.
- Desktop Products may send your application configuration to Datasert Servers if you are doing Remote Backups or Sync the configuration.
- Online Products may store your Salesforce Data depending on the features you use.
- Desktop and Online Products collects minimal Analytics information using first-party approach.
- Web Sites collects site usage using industry standard analytics tools like Google Analytics
Information Provided
Information Provided is the information you provide to Datasert explicitly. Most of the times this information is not optional, unless stated otherwise.
| Category | Description | What | Where | Purpose |
|---|---|---|---|---|
| Account Creation | When a Datasert Account is created | First Name, Last Name, Email and Company Name | Datasert Account Sign up Form at https://app.datasert.com/account/signup | This is used to create the Datasert Account, create first Tenant Admin, to send transaction emails |
| User Management | When a new User is added/updated | First Name, Last Name, Email, other user identifiers like Github username | In the Tenant Setup page at https://app.datasert.com/setup/users | This is used to create the user, and to send transaction emails |
| Third-Party Integrations (Online Products) | When a Connection is added/updated | Connection Name, Connection Type, Authentication Information | In the Tenant Setup page at https://app.datasert.com/setup/connections | This is used to create/update the integration, read/mutate the data in that System, and perform user-requested services |
| Third-Party Integrations (Desktop Products) | When a Connection is added/updated | Connection Name, Connection Type, Authentication Information and other connection related details | In Brobench Manage Connections Screen | This is used to create/update the integration, read/mutate the data in that System, and perform user-requested services |
| Application Configuration | Any details you provide as you use the application. For ex., create a Metadata Deployment with list of Component Names | It varies by the feature | Across the app as you use various features | To provide the capability of the feature and user requested services |
| Support Requests | When a Support Request is created | Typically Message, Body and any other information you provide | In Support Portal or in Brobench Contact Support dialog | This is used to provide support services, fix the issues you are encountering |
| Payment Information | When you subscribe for one of the products | Name, Email, Address and Card details | Name, Email and Address are collected in Manage Subscription page. Credit Card details are collected by our payment processor, Stripe. | We use this to process payments to pay for Invoices |
Information Collected
This is the information that Datasert Products/Web Sites collect as you visit and use the products.
| Category | Description | What | Where | Purpose | Optional |
|---|---|---|---|---|---|
| Product Analytics (Brobench) | Information about how users are using the application, which features are used etc | Feature Used and how many times used | In the Product as you use the Product | To understand the product usage so you can understand how products are used, so we can invest in features that users are using most. | Opt In but can be turned off in the User Preferences |
| Web Site Analytics (Brobench) | Information which pages users are visiting | Pages visited, from where and what time | Web Sites | To understand where customers/potential customers are coming from, which pages they are interested in etc., | No |
| Error Logs (Desktop Products) | This is application errors and logs as you use the products | Error description, location of the code | Desktop and Online Products | To understand and resolve the issues | No |
| Application/Error Logs (Online Products) | This is application errors and logs as you use the products | Error description, location of the code | Desktop and Online Products | To understand and resolve the issues | No |
| Device Details (Brobench) | This is information about your device like OS, Version, User Agent etc., | User Agent, OS Type, OS Version, Device Id | Desktop and Online Products when you create a support ticket from within app and fetch the license | To understand the user and provide support service | No |
Data Sharing
Marketing. We do not use information provided in the apps for third-party marketing or advertising.
Partner Marketing/Reselling. We do NOT sell nor share any of the information you provided or collected any third-parties for Sales/Marketing.
Data Sharing. We share some of the information you provide in the apps with service processors as appropriate. Following are the known data sharing partners.
- AWS Cloud: AWS is our infrastructure cloud hence all the information that comes into one of the Datasert servers is processed and some of that information is stored in AWS Rds/AWS Dynamo DB/AWS S3 Services.
- Stripe: We share your Name, Email and Address
- Zepto: We share your Name and Email to send transaction Emails
Data Export. When you export the data from either Desktop or Online products, we will export information you selected into that integration. For ex., if you add Google Sheets connection and export to Google Sheets, we will upload the requested records to Google Sheet. Customer is responsible for ensuring it has the necessary rights, consents, and agreements with the applicable third-party provider for such exports.
Data Security
We use industry standard administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction. Here is the list of things are we doing to protect your data.
Datasert Account Password: Your Datasert Account password/Brobench Master Password is hashed along with random per-user salt and then hashed using bcrypt algorithm. After that hashed password is stored in different data service than main app data service. So that even if one system is compromised, hackers cannot exploit the information.
Data Encryption: The information is always transmitted over HTTPS 1.1, HTTPS/2, or HTTPS/3 with TLS 1.3 and data at rest is encrypted using AWS KMS service.
Salesforce and Other Connection Password/Access Tokens (Online Products): In Online Products, it is encrypted using three factor keys. Codebase Key, Environment Key and Customer Key. Customer Key is random symmetric key generated for each customer. Also these encrypted ciphers are stored in different system than main application database.
Salesforce and Other Connection Password/Access Tokens (Brobench): We use Master Password to encrypt connection password/access tokens in Brobench.
Application Secrets: Application Secrets are secrets that application needs to connect to various services. For ex., Database Username/Password or Email Service API Key etc., This is managed by Datasert Admins. These secrets are stored in the AWS Secret Manager with default Deny access for all Users except for AWS Account Admins.
Data Retention
This section indicates how long we retain the data you provide.
Application Configuration: These are the various application configuration you create as you use the applications. For example., when you create a Job in Realtask or create a Deployment Job in Brobench. This is retained till you delete it yourself or till you Inactivate the Tenant.
Salesforce Data in Salesforce Orgs: We never delete the Data in Salesforce unless you are specifically asking to Delete the Data. For example, you create Delete job in Realtask to delete duplicate Accounts.
Salesforce Data in Datasert Servers: Online Products may store some of your Salesforce Data depending on the features you use. For example, when you create a Export Job in Realtask and select the target as File. In such cases, data is exported and stored securely in Datasert controlled AWS S3 location. That information is retained anywhere from 30 days to 1 year depending on the Runs history configuration.
Salesforce Data in External Services: Desktop and Online Products may export your Salesforce Data as requested to a external service. For example to Google Sheet or Office 365. In such cases, we do not control the retention and is retained as per your company policy.
Application Logs: Application Logs are retained for up to 30 days
Legal Bases for Processing (GDPR)
Where the General Data Protection Regulation ("GDPR") applies, Datasert processes Personal Data only where it has a lawful basis to do so. These bases include:
- Contract. Processing is necessary to perform our contract with you, including providing the Services, authenticating users, responding to support requests, and managing subscriptions.
- Legitimate Interests. Processing is necessary for our legitimate business interests, such as improving and securing the Services, preventing fraud and abuse, monitoring usage, and communicating with customers, provided that such interests do not override your fundamental rights and freedoms.
- Legal Obligation. Processing is necessary to comply with applicable legal obligations, including accounting, tax, regulatory, and lawful government requests.
Where required by law, Datasert will obtain your consent before processing Personal Data and you may withdraw consent at any time.
Your Rights
You have the right to request any of the information associated with individual users in your Tenant or all of your Tenant Information.
Requesting Access: To request access, correction, deletion, or portability (where available), contact privacy@datasert.com. We would need to verify your identity before fulfilling requests.
Marketing Preferences: You may unsubscribe from marketing emails at any time using the unsubscribe link in those emails. Transaction Emails (such as billing receipts and security notifications) are not optional.
Salesforce Data in Datasert Servers: Online Products may store some of your Salesforce Data depending on the features you use. For example, when you create a Export Job in Realtask and select the target as File. In such cases, data is exported and stored securely in Datasert controlled AWS S3 location. That information is retained anywhere from 30 days to 1 year depending on the Runs history configuration.
California (CCPA/CPRA) Notice: California residents may have additional rights, including the right to know, delete, and correct personal information, and the right to opt out of certain data sharing (where applicable). Datasert does not sell personal information.
Children's Privacy
Our services are not intended for children, and we do not knowingly collect personal information from children under 13 (or the minimum age required by applicable law). If you believe a child has provided us personal information, contact privacy@datasert.com, and we will take appropriate steps to remove the data.
Security Incidents, Breach Notification and Vulnerability Reporting
Security Incidents & Breach Notifications
We maintain processes designed to detect, investigate, and respond to security incidents that may affect the confidentiality, integrity, or availability of information.
In the event of a confirmed security incident involving personal information, we will take reasonable steps to contain, assess, and remediate the incident.
Where required by applicable law, we will notify affected users and/or relevant authorities within the timeframes prescribed by law. If notification is required, we will generally notify the Tenant Admins associated with the affected organization, using the contact information on file corresponding Tenant Admin's email.
Not all security events result in a reportable data breach under applicable law.
Vulnerability Reporting
If you become aware of a security vulnerability in any of our products, services or websites, contact security@datasert.com
We encourage the responsible disclosure of security issues, and will act quickly on any vulnerabilities reported. We may offer recognition or rewards at our discretion for such reporting.
Changes to this Policy
We may update this policy from time to time. If we make material changes, we will provide notice through our website, products, or other appropriate means. This policy was last updated on October 20, 2024.
Contact
If you have questions about this policy or our privacy practices, contact us:
- Privacy:
- privacy@datasert.com
- Security:
- security@datasert.com
- Address:
- 4900 Hopyard Rd #100, Pleasanton CA 94588, USA
- Website:
- https://www.datasert.com