With that in mind we want to share with you our approach to security, along with the personalized options available to our customers, to guarantee a successful joint stewardship of your data. As always, please don’t hesitate to contact us if you have any questions in regards to our security protocols, you can reach our security team at firstname.lastname@example.org.
All data transmissions from our sensors running on customers' machines are encrypted, take place over HTTPS, and are delivered to a virtual private cloud (VPC) where data is stored encrypted at rest using AES-256. Your data will never travel over the public internet unencrypted except on an as-needed basis temporarily for specific analysis, ensuring that your data is doubly secure.
Our algorithms use the sensor data to discover activity patterns that are used to document processes, map best and worst workflow paths, and identify areas for improvement and/or automation.
After 30 days the data transmitted from the sensor may be permanently deleted from storage. However, based on your Zeitworks customer agreement and account settings, this timeline can be adjusted in order to better meet your security needs.
The summarized insights and reports generated from the analysis of collected sensor data will be retained according to the terms of your Zeitworks customer agreement. We can store this information as long as necessary to provide you with analytics, insights and reports. Of course, at any time you can request this information to be permanently deleted. Any reports will be available until the summarized insights have been deleted.
Customers have the option of selecting their own personal cloud infrastructure for storing both their data, as well as insights and reports. To discuss this option and its benefits, please contact our team at email@example.com.
Zeitworks provides your IT Admin control over the sensors in your network with control over the who, when, what. Your company can schedule when the sensors will collect data, allowing you to restrict the sensor to specific work hours, or to set different work hours for different positions or individuals. With our Block List capabilities you can also determine which specific applications/services to include in our analytics. You can even allow individuals’ control over when their sensor will collect data and give them the ability to create their own Block List. You will have total control over what data is observed by Zeitworks’ sensors.
The Zeitworks sensor utilizes a Chrome browser extension to enable collecting rich browser activity data. You can find details about this extension on our Chrome extension data privacy page.
As part of our architecture, we trigger a redaction process as soon as your data arrives in our environment. This redaction detects a wide range of sensitive data, including PII, passwords, and credit card numbers. It is also customizable for customer-specific requirements. The desensitized data is then passed downstream for further processing. Another process provides the same protection for image data (screenshots), detecting and then redacting sections of the image that are determined to contain sensitive data.
[Q1 2022] The redaction system can be decoupled from the main pipeline to run in the customer's cloud or on-prem resources, ensuring no sensitive data leaves the customer’s secure perimeter.
We started working with a SOC 2 vendor in Q3 2021 to obtain our SOC 2 certification. We expect to have our level 1 certification by end of Q1 2022
Employees at Zeitworks cannot read your sensitive data (other than for quality control). And Zeitworks employees who interact with your data must be specifically screened and authorized.
As always, if at any time you have questions or concerns regarding the safety of your data, please contact our security team: firstname.lastname@example.org.
Last revised: 8 November 2021