CRM Data Access
Notice information and contact details forms the bulk of the information being passed from Stotles to the CRM. Data passing from CRM to Stotles is outlined below:
Users/owners - used to populate the drop down so notices can be assigned to specific users
Accounts/Companies - To assign Stotles notices and contacts to the correct account
Opportunity Type / Stage
We also fetch and store details regarding the Objects withing the CRM to help us build the form above, allowing customers to push relevant data to the corresponding objects in the CRM.
We have limited the number of scopes defined for each CRM which are outlines below:
Salesforce:
Access the identity URL service
Manage user data via APIs
Perform request at any time
HubSpot:
View details about users assigned to a CRM record.
Contact lists (Create, delete, edit)
Contacts (Create, delete, edit)
Companies (Create, delete, edit)
Deals (Create, delete, edit)
Storage
We use AWS Postgres to store all our customer data, by default all data is encrypted and only accessible to specific this includes what integration each customer has connected to (Salesforce, HubSpot etc) as well as details of which notices have been send to the CRM. All sensitive data is stored using AWS encryption (KMS).
Employee Access
Data stored in our databases can only be accessed a limited number of employees. We enable 2FA and Single Sign On (SSO) where possible. All laptops are secured by Antivirus and Firewalls, and have full-disk encryption enabled. All passwords are stored securely using password management tools that generate unique complex passwords.
Servers
We use AWS as our infrastructure provider, and all our servers are hosted on AWS. Access to our servers is restricted and only granted to authorised employees on a need-to-know basis. All data is transferred using SSL encryption and backup regularly using the built in backup services provided by AWS.