<aside> 💡 This document highlights the security measures and protocols we put in place to ensure our customers’ data is security.
</aside>
At Pod, we’re building the only smart productivity workplace for enterprise account executives. Our mission is to provide a more unified way for our users to update, organize, and prioritize their work. To achieve this goal, we integrate with a variety of existing sales tools our users currently use. We are dedicated to handling our customers’ sensitive data and adhere to the best-practice standards of security and data compliance across our application.
You’ll find below a list of security measures we’ve taken to keep our users (and ourselves!) safe:
When connecting to 3rd party systems (i.e., Salesforce, GSuite), we leverage their OAuth-based authentication option. This way, users will never give Pod access to their credentials (i.e., username, password). This way, we eliminate the risk that our users’ credentials get compromised (or accessed) through Pod by a malicious party. Additionally, we’re currently in the final steps of obtaining Google Verified App certification - which would add yet another feather of security & reliability to Pod’s cap. As an example, in order to connect their Salesforce or Google Suite accounts, users enter their credentials in a pop-up window controlled by the 3rd party application (i.e., Salesforce, Google). Through this service, the users then grant Pod permission to access their data.
We understand that these systems host sensitive information. None of our customers’ data are stored when our users integrate their Salesforce or GSuite instances. Therefore, the question of any SFDC/GSuite data getting leaked or exposed doesn’t arise in the first place.
All our API requests & responses are sent and received using the HTTPS protocol (rather than HTTP), which encrypts request/response data and prevents potential man-in-the-middle attacks.
In order to protect our database, we encrypt all data that users generate on Pod (i.e., tasks, documents, preferences). Therefore, in the unlikely event that a malicious third party is able to access Pod’s database, the data is completely unusable. Given it is encrypted, it would appear entirely nonsensical.
Our database is set so that it can only interact with specific pre-defined IP addresses, corresponding to Pod back-end servers). This creates a further level of security and ensures that only authorized entities can access our database.
In order to ensure that malicious individuals aren’t able to access our application’s codebase or servers, we’ve enabled multi-factor authentication.