Product security.

The mesures we put in place to create and provide secure, reliable products.

Enhanced data encryption

All our SSL certificates support 256-bit SSL encryption to guarantee the security of data transmitted with Agendrix. Particularly sensitive data, such as social security numbers, are also encrypted twice.

Data encryption is an automatic operation by which we render the information entered into Agendrix unintelligible when it is transmitted via the Internet. Only authorized users have the encryption key required to read the data.

In addition, the SSL security protocol we use ensures data protection by answering the following questions in the affirmative:

• Is the user attempting to access the data authorized to do so?
• Is the data adequately encrypted during online transmission?
• Is the data received the same as the data sent, i.e., was any information lost or corrupted?
• Can the user always access the data needed on demand?

The technical details of this protocol are beyond the scope of this page, however.

What you should remember: We have adopted the most advanced cybersecurity measures to prevent any issues with the security or integrity of data transmitted with Agendrix.

Resilience and continuity of service

We maintain redundant copies and continuously back our user databases up. In the event of server-related problems, these backups can be recovered quickly, allowing our users to continue their work without any loss of data.

In addition, our backups are stored on servers located in data centers that are separate from our main servers to limit the impact of any local issues.

Limited data retention

Our data retention strategy is based on the principles of minimization of the retention period and necessity of retention.

In so doing, we naturally limit the risk of loss, corruption, interception, or any other data-related security problem.

We therefore keep the data of our users for as little time as possible, and only when necessary in order to:

• Fulfill the purpose for which it was collected. For example, we retain the first and last names of our users to allow them to be identified by their colleagues within their organization in Agendrix.
• Comply with legal data retention requirements. For example, we are required to save timesheets for a certain period after they expire.
• Protect our legitimate business interests. For example, we retain banking data to automate monthly payments related to our services.

We also delete user data upon request within 90 days of receipt of the request. However, for technical reasons, certain non-identifying user data may be retained for up to 12 months.

State-of-the-art infrastructure and hosted services

Agendrix runs on AWS cloud infrastructure in the ca-central-1 region. Agendrix operates a highly scalable and redundant infrastructure backed by Amazon’s 99.99% uptime service level agreements.

AWS facilities comply to the following security and data privacy standards: ISO/IEC 27001:2013, ISO/IEC 27017, ISO/IEC 27018, PCI-DSS Level 1, CSA STAR Level 1, 2 & 3, SOC 1, SOC 2, and SOC 3.

Learn more about AWS

Penetration testing and cybersecurity audits

We perform penetration tests on a yearly basis through the services of Vumetric, a cybersecurity service provider meeting ISO 9001 requirements. These tests simulate malicious user or malware attacks that target different aspects of our IT infrastructure to identify configuration problems, security gaps, and other vulnerabilities.

Whenever issues are identified, a remediation plan is scheduled according to the criticality of these issues, including additional tests for the resolved vulnerabilities.

Learn more about Vumetric

Highly secure online payments

All payment instrument processing is outsourced to Stripe.

We make every effort to protect data within Agendrix itself. By extension, we must also ensure that the external collaborators with whom we share this data comply with our own security requirements. Our choice is therefore based primarily on the proven expertise of Stripe in this area.

The services of Stripe comply with the following security and data protection standards: PCI-DSS Level 1, EMVCo Level 1 & 2, SOC 1, and SOC 2.

Learn more about security at Stripe

Data governance

Data governance is broadly defined as the set of principles, policies, and measures that govern the management of the data we collect on a daily basis.

The ubiquity of productivity software and the many problems associated with the misuse of data have forced governments to legislate globally on the issue.

As a result, organizations using software such as Agendrix today have an obligation to ensure that these tools comply with the legal requirements of their jurisdiction. The long-term future of Agendrix is therefore closely linked to our ability to ensure compliance with the most stringent governance laws.

As such, we have adopted a number of internal policies governing data use, the role of each of our employees, and the management of our subcontractors:

• Our Personal Information Management Policy categorizes data according to its level of sensitivity and outlines the use, communication, retention, destruction, and any other operations related to the data.
• Our Information Security Policy defines the processes implemented to protect the confidentiality, integrity, and availability of data and our systems.
• Our Subprocessor Management Policy sets out our criteria for selecting subprocessors and the security requirements for sharing data with them.

Learn more about privacy at Agendrix

Requests

Should you have any questions or requests regarding data security or use, please reach out to our Privacy Officer at [email protected].