It’s a new year and we’ve made some big changes. Check out Apsona’s all-new pricing bundles for your organization!

Data Security and Protection Policy

At Apsona, security and data protection are primary drivers in the design of our products and services. We strive to ensure that Customer Data is protected and treated securely. The Apsona Data Security and Protection Policy summarizes the security-related aspects of our Software (as defined in the Privacy Policy). Any terms that are undefined in this Data Security and Protection Policy shall have the meanings as defined within the Apsona Terms of Service or the Apsona Privacy Policy. The Data Security and Protection Policy are incorporated into the Apsona Terms of Service or the Apsona Privacy Policy by reference.
The Apsona Software is an add-on to Salesforce, and the Software works within your browser connected to Salesforce. The Software can only operate within the browser window in the Salesforce context. Therefore, all of the security protections afforded by Salesforce are automatically inherited by the Apsona Software.

Data Traffic Boundaries

With all Apsona Software, data traffic is entirely limited to between your browser and your Salesforce database, with no third-party servers involved. There are two exceptions, the PDF generator and the Scheduler, which are described further below. This data traffic is encrypted via the industry-standard SSL (Secure Sockets Layer) between your browser and Salesforce.

Data Collection

We do not collect or store Customer Data and no Customer Data passes through servers, except as disclosed within our Privacy Policy or this Apsona Data Security and Protection Policy. Throughout our product designs, we take particular care to ensure that all our code and processes are data-independent, so as to maximize data security.

Data privacy

We do not share any of your Customer Data submitted to the Software with any partners or others outside of Apsona. All data access is strictly limited to qualified and experienced personnel within Apsona.

PDF Product

Legacy Architecture

As noted above, except for the PDF or Scheduler service we do not collect or store any Customer Data on any of our servers. During your use of the PDF service, we may store Customer Data only if (a) you use the Document Generator add-on, and (b) you use the PDF format for generating your documents. (In other words, if you don’t use the Document Generator add-on, or you never use the add-on to generate documents in PDF format, this doesn’t apply to you.) In this specific case:

  • Only the docx and pdf files are stored on our server file systems, and
  • Stored files are erased within two hours.

 

Early Release: Opt-in Only (Updated Architecture)

As part of our commitment to delivering seamless user experiences, we’ve enhanced the Document Generator service with a new architecture that ensures faster delivery and even greater protection of your data:

  • All .docx and .pdf files generated via the Document Generator are now transmitted directly and securely via encrypted HTTPS/SSL to the customer’s Salesforce instance immediately upon generation.
  • No .docx or .pdf files are stored on Apsona servers at any point during or after the document generation process.

This improvement eliminates any temporary storage of customer-generated documents on our servers, further strengthening our privacy-first approach and ensuring full control of document data remains within the customer’s Salesforce environment.

The Scheduler Product

If you purchase and use Apsona’s Scheduler product, the Scheduler requires access to your data to produce reports non-interactively (i.e., outside of the browser). The Scheduler’s design ensures the best possible security:
  • None of the data used for generating reports is ever maintained in a file store, not even temporarily. The Scheduler operates by retrieving your Salesforce data, composing the email and sending it immediately, entirely within the server's volatile memory.
  • All traffic between the Scheduler and your Salesforce instance occurs via the same industry-standard SSL encrypted channel that your browser uses.

Server architecture

Our Software uses servers for:
  • delivering the software assets to your browser
  • managing and provisioning licenses
  • converting docx files to pdf format
  • managing usage logs for the purposes noted above.
Our servers are located in secure hosting environments, across geographically distributed locations in the United States. This ensures high redundancy and resilience.
  • To minimize intrusion and attack vectors, our servers expose the bare minimum of services to the public internet: only a web server. No other services are exposed.
  • Our server software is very lean: We do not use any publicly-available software frameworks. This has the benefit of preventing attacks that exploit known security vulnerabilities in frameworks.
  • Server operating systems receive regular software updates to ensure that they are not compromised.
  • Access to servers is limited to experienced systems professionals at Apsona.

Sensitive Information

As noted above, we do not store any Customer Data on any of our servers, with the exception of document format conversion. Given the range of verticals and domains that we service and the nature of data in documents, we are unable to detect sensitive information in them. Consequently, we rely on you, our customers, to safeguard your data. In general, it is advisable to ensure that sensitive data is not included in generated documents, so that your security is not compromised.