We take security seriously at Demand Sage. We understand that when you connect your accounts using our software, you need assurance that your data is kept secure and private. That's why we make every effort to use best-in-class technology and provide full transparency on our processes and policies.
In order for Demand Sage to provide service, we must access customer accounts to access their services and gather their data. Two examples of this are:
In all cases where access is required, Demand Sage will always request the fewest permissions required to complete the task. In cases where the default permissions grant more than is needed Demand Sage will never make use of those permissions.
In all cases where accesses is needed, it will only be accomplished through OAuth such that the customer maintains control of the permissions and can revoke our access at any time. These tokens are stored encrypted in our system, never shared, and never logged.
While you are a customer of Demand Sage it will have access to the data sources you authorize (e.g. HubSpot). In order to provide our service we will cache some of this data on our systems. Our policies around data storage include:
Cached data is stored in our systems to provide service to our customers. This data is never archived or backed up and never leaves our system except in transit to the customer's Google Sheet. When data is deleted, because credentials have expired or upon request of a customer, the cached data is deleted from our system and no further record of this data exists.
Demand Sage is a Google Sheets addon. This means our reports, including any custom reports built via our report builder, as well as the result of any =Sage() queries all output into a Google Sheet. Demand Sage employees do not have access to this sheet and are unable to see its contents. The customer controls access to that sheet and its data via Google's robust account permissioning.
Data only comes into our system directly from the sources our customers authorize. Once in our system it remains encrypted and is only transmitted to the customer's Google Sheet. All transmissions are encrypted (via TLS 1.2 or newer) and any attempt to connect over an unencrypted channel (such as HTTP) will fail or be redirected to an encrypted channel (such as HTTPS).
We do not sell customer data, or provide third parties with access to customer data under any circumstances. Demand Sage will never share your data with third parties.
Our technology is built upon several leading cloud providers. Every provider has a proven track record of security and regulatory compliance with audits including SOC 1/2-3, PCI-DSS, and ISO27001.
The vendors we rely on are: