Privacy & Security

Privacy and security are our priorities. ⤵

Trust Matters

Crescendo’s Commitment to You

At Crescendo, performance, security and data privacy are first-order considerations. We believe these principles need to be central to every decision we make, and everything we do as a company. That’s why we continually address these areas to ensure that our solutions never negatively impact the integrity of your data, your users, or your application.

 
sage-headshot-2018.jpg

Sage Franch

CTO, she/her

 

FAQ

 

Protecting Your Information

What information do we collect and why?

  • We collect customer name, company name, address, and email address.

    • We use this information to provide you with our Services; for example, to contact you and invoice you. Note we do not collect the names and email addresses of individual users, only of points of contact associated with the administration, billing, and installation of the Application.

  • We collect information about the users in your Slack workspace, including anonymized identifiers provided to us by Slack’s APIs, information about how they use Crescendo’s Services, and information they choose to provide us with (for example, users may choose to send us feedback messages or share their demographic information).

    • We use some of the personal information you provide us to conduct some level of automated decision-making -- for example, we use certain information to personalize the learning paths you receive.

    • We use some of this information to conduct workplace analytics Services, to be shared with your Workplace Administrators through the Crescendo Application. This information is never shared with third parties.

Appropriate measures are built in to the product to ensure restricted user data is not stored in our systems. This includes credit card information, phone numbers, social insurance numbers, and international personal identification numbers. Freeform input from users is cleaned of such sensitive data prior to being stored in Crescendo’s systems.

About Payments

We use a third-party tool, Stripe, to process your payments in a secure way. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. More information about Stripe’s security can be found here.

When do we collect this information?

  • We collect payment information when you sign up for our Services

  • We collect user information when you access our Services by installing the Crescendo Application into your Slack workspace, and when users interact with the Crescendo interfaces

  • We collect additional information as needed to manage support requests when a user engages our Support services through support@getcrescendo.co or by invoking support requests from the Crescendo Application.

Where do we store this information?

Crescendo services are hosted on Microsoft Azure’s platform, located in Microsoft’s Toronto and Montreal datacenters. Azure offers state-of-the-art physical protection for the servers and related infrastructure that comprise the operating environment for the Crescendo services.

Microsoft cloud services are audited at least annually against SOC 1 (SSAE18, ISAE 3402) and SOC 2 (AT Section 101) standards. The audit for Microsoft cloud services covers controls for data security, availability, processing integrity, and confidentiality as applicable to in-scope trust principles for each service. More information about Microsoft’s security standards can be found here.

For how long do we retain your information?

  • In general, we keep your personal information throughout your relationship with us.

  • Once you terminate your relationship with us, we will remove within 48 hours your personal information and the personal information of users in your Slack workspace. We generally will continue to store archived copies of other non-personal information for legitimate business purposes such as to defend a contractual claim or for audit purposes and to comply with the law, except when we receive a valid erasure request.

  • We will continue to store anonymous or anonymized information, such as website visits and Application statistics, without identifiers, in order to improve our Services.

What we don’t do with your personal information

  • We do not and will never share, disclose, sell, rent, or otherwise provide personal information to other companies for the marketing of their own products or services.

How do we keep your personal information secure?

  • We follow industry standards on information security management to safeguard sensitive information and any other personal information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.

  • No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.

Control over and access to your personal information

Crescendo understands that you have rights over your personal information, and takes reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information. If you have any questions about your personal information or this policy, or if you would like to make a complaint about how Crescendo processes your personal data, please contact Crescendo by email at privacy@getcrescendo.co.


Third Party Websites and Services

Our Services, including the Crescendo Application and website, may contain links to websites and services that are owned and operated by third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites and services linked to or from our Services.

Any information that you provide on or to a third party website or service or that is collected by a third party website or service is provided directly to its owner or operator and is subject to the owner’s or operator’s privacy policy. To protect your information we recommend that you carefully review the privacy policies of any website or service that you access.


Personnel

All employees who access Crescendo systems or may come in contact with customer data are bound by strict confidentiality agreements. Upon termination of work at Crescendo, all access to Crescendo systems is removed immediately.

To minimize the risk of data exposure, Crescendo adheres to the principle of least privilege—workers are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.

Contact

At Crescendo, your privacy is our priority. If you have any further questions after reading this document, please contact us at privacy@getcrescendo.co.