General Privacy and Security Overview
Crescendo currently operates with the following security and privacy features:
Your Data is Encrypted. Crescendo transmits data over public networks using strong encryption. Data at rest in Crescendo’s production network is also encrypted.
Data Disposal is Handled Thoroughly. We remove and/or anonymize your data as soon as Crescendo is deleted from your Slack workspace.
Crescendo is GDPR Compliant. You can request that we “forget” you from our database, and we will make sure it is done within 30 days. For more info, visit our Privacy page.
Your Data is Safe with Us. Everyone working for Crescendo agrees to our confidentiality terms, pass a background screening, and attend security training. When workers leave Crescendo, they no longer have access to our systems.
Data Flow Diagram
Privacy & Security FAQ
Is Crescendo able to view our data?
To minimize the risk of data exposure, Crescendo adheres to the principle of least privilege—workers are only authorized to unencrypt and access data that they reasonably must handle in order to fulfill their current job responsibilities. Everything is sent over SSL.
Who owns the data?
You are the owner of your own data, and we are simply holding it temporarily to make Crescendo better for your team. In regards to your team's question history between users and Crescendo, we may use the queries only, anonymized, to help Crescendo better understand the English language. The contents of your personal data is never used.
Can we delete data from Crescendo's access without removing the service?
No. Crescendo needs permission to access your Slack workspace in order to function.
What security controls are in place to protect the data?
For general security, we have compiled the points at the top of this page to highlight some of our general security practices and data storage.
It's important to note, being an approved bot in the Slack app directory also means that we have been cleared by their directory team for privacy, security terms etc. and are currently working towards an additional certification: SOC2 compliance.
Where (geographically and logically) is the data held?
Crescendo services are hosted in Azure data centers. Azure offers state-of-the-art physical protection for the servers and related infrastructure that comprise the operating environment for the Crescendo services. Azure has more global regions than any other cloud provider—offering the scale needed to bring applications closer to users around the world, preserving data residency and offering comprehensive compliance and resiliency options. The Azure data centres are located in 54 regions worldwide, with 140 available in 140 countries.
Each Crescendo customer’s data is hosted in Crescendo’s shared infrastructure and segregated logically by the Crescendo application. Crescendo uses a combination of storage technologies to ensure customer data is protected from hardware failures and returns quickly when requested.