Conversica
- Websitehttps://conversica.com
- Trust Centerhttps://trust.conversica.com
- Compliance
- CCPA
As a service provider and data processor for our customers, we provide information and service features that help them meet their respective state law obligations, including those of the California Consumer Privacy Act of 2018 ("CCPA"). Conversica qualifies under the CCPA as a "service provider" with which you, as our Conversica customer or "business", can share CA consumer PI to the extent “reasonably necessary and proportionate” to achieve your business goals. You choose the PI we process on your behalf so our AI Assistants can initiate conversations on your behalf. We also comply with the CCPA as a "business" within the meaning of the Act.
- COPPA
In accordance with the Children’s Online Privacy Protection Act (COPPA), the Conversica service agreement prohibits our customers from sending to us for processing the PII of anyone who is age 13 or under. If we knowingly receive such data in our services we will inform our customers and delete it.
5 more topics
- Product Security
- Audit Logs
Conversica maintains administrative logs as well as logs for account establishment and modifications.
- Multi-Factor Authentication
Conversica makes it easy for you to add multi-factor authentication to your Conversica account user login process to enhance account security.
2 more topics
- Data Security
- Data Encrypted At-Rest
Data is encrypted at rest using AES256.
- Data Encrypted In-Transit
We encrypt data in transit using HTTPS/TLS. The TLS version supported is currently 1.2 or newer.
1 more topic
- Privacy
- Privacy Policy
The Conversica Privacy Policy describes our practices regarding the personal information we process as a data controller operating a business. This policy also describes our role and practices in connection with personal information we may receive and otherwise process on behalf of our customers.
- Data Retention Policy
Conversica retains customer data in accordance with customer instructions contained in their respective services agreements. Following customer account termination, access is removed and the customer data associated with the account is logically deleted and then overwritten. When media that hosted customer data is no longer useful, it is destroyed in compliance with NIST SP 800-88 Revision 1 Guidelines for Media Sanitation and DoD security guidelines.
3 more topics
- Incident Management & Response
- Data Breach Notification
Conversica operates a formal security incident response plan under its Security Event Management Policy and related procedures. Escalation procedures exist to ensure the timely communication of any data breach through the management chain and to any affected customers without undue delay.
- Incident Response Plan (IRP)
Our IRP is noted above under Data Breach Notification.
- Availability & Reliability
- Data Redundancy
Data is backed up real time on servers in separate facilities to facilitate prompt recovery if necessary.
- Denial of Service (DoS) Protection
Conversica has deployed Amazon Web Services resources for Denial of Service protection
1 more topic
- Organizational Security
- Confidentiality Agreements
Our service agreements provide for the confidential treatment of confidential customer information, including customer data. And we require all our employees and contractors as well as vendors to sign confidentiality agreements to ensure the protection of confidential information.
- Employee Background Checks
Conversica employees are required to provide specific documents verifying identity and undergo federal and state criminal background checks prior to being hired.
5 more topics
- Business Continuity
- Business Continuity Plan
Conversica has implemented an integrated Business Continuity and Disaster Recovery Policy and maintains related plans under the policy. Please see the text under Disaster Recover Plan for more information on this topic.
- Disaster Recovery Plan
Conversica maintains essential disaster avoidance, readiness, and recovery planning capabilities through the use of multiple geographically dispersed data centers, redundancy throughout our platform architecture, offsite data backup, and remote access capabilities. We also maintain a Business Continuity and Disaster Recovery Policy and related plans and test them on a regular basis.
1 more topic
- Infrastructure
- Multi-Tenant Architecture
Conversica provides its subscription services using multi-tenant architecture with the data in each customer account logically separated from other accounts. The data is encrypted at rest using AES 256.
- ISO 27001 - Data Center
Amazon Web Services data centers - certified as compliant with the following ISO standards: ISO 27001:2013, ISO 27017:2015, and ISO 27018:2019.
2 more topics
- Threat Management
- Penetration Testing
We have an independent, third party security vendor conduct manual penetration testing of our internal and external infrastructure and services on an annual basis. This manual testing is complimented by automated testing on a more frequent regular basis using a variety of commercially available testing tools.
- Vulnerability Scanning
Conversica uses a number of automated scanning tools to scan for application security vulnerabilities on a frequent basis. Scans are applied to every code build and prior to code merger.
1 more topic
- Subprocessors
Sign up to view Conversica's Subprocessors
Sign up to see the rest of Conversica's posture and unlock unlimited access.
Unlimited access to the directory allows you to review and compare thousands of security postures sourced from around the web.