Demand Sage Security and Data Privacy

We take security seriously at Demand Sage. We understand that when you connect your accounts using our software, you need assurance that your data is kept secure and private. That's why we make every effort to use best-in-class technology and provide full transparency on our processes and policies.

Data Access / Credentials

In order for Demand Sage to provide service, we must access customer accounts to access their services and gather their data. Two examples of this are:

  • Google Apps - Demand Sage is provided as a Google Sheets plugin. As a result, it requires access to a customer's Google Apps account in order to enable functionality within the Google Sheets experience. Demand Sage also needs access in order to update the customer's sheets as new data is processed and new results are available.
  • Data Connectors (such as HubSpot) - Demand Sage provides value by making connector data available within the Google Sheets environment and by augmenting it with logic during processing. In order to do this, Demand Sage needs access to the data.

In all cases where access is required, Demand Sage will always request the fewest permissions required to complete the task. In cases where the default permissions grant more than is needed Demand Sage will never make use of those permissions.

In all cases where accesses is needed, it will only be accomplished through OAuth such that the customer maintains control of the permissions and can revoke our access at any time. These tokens are stored encrypted in our system, never shared, and never logged.

Data Storage

While you are a customer of Demand Sage it will have access to the data sources you authorize (e.g. HubSpot). In order to provide our service we will cache some of this data on our systems. Our policies around data storage include:

  • All data is stored in the United States.
  • We only cache the data that will be used to provide our service.
  • All data is encrypted according to industry best practices.
  • Demand Sage employees do not have access to customer data unless required during debugging or development. In these cases access is logged and audited.
  • Customer data is never backed up or transferred out of our system. When the cache is deleted, all record of the data is deleted.
  • Each customer's data is isolated via different security credentials.

Data Retention

Cached data is stored in our systems to provide service to our customers. This data is never archived or backed up and never leaves our system except in transit to the customer's Google Sheet. When data is deleted, because credentials have expired or upon request of a customer, the cached data is deleted from our system and no further record of this data exists.

Customer Sheets

Demand Sage is a Google Sheets addon. This means our reports, including any custom reports built via our report builder, as well as the result of any =Sage() queries all output into a Google Sheet. Demand Sage employees do not have access to this sheet and are unable to see its contents. The customer controls access to that sheet and its data via Google's robust account permissioning.

Transmission of Data

Data only comes into our system directly from the sources our customers authorize. Once in our system it remains encrypted and is only transmitted to the customer's Google Sheet. All transmissions are encrypted (via TLS 1.2 or newer) and any attempt to connect over an unencrypted channel (such as HTTP) will fail or be redirected to an encrypted channel (such as HTTPS).

No Third Party Data Sharing

We do not sell customer data, or provide third parties with access to customer data under any circumstances. Demand Sage will never share your data with third parties.

Demand Sage Vendors

Our technology is built upon several leading cloud providers. Every provider has a proven track record of security and regulatory compliance with audits including SOC 1/2-3, PCI-DSS, and ISO27001.

The vendors we rely on are:

Terms of Service and Privacy Policy

For more information, see our TOS and Privacy Policy: