Security Certifications and Compliance
Q: Do you have any formal compliance attestations such as SOC 2 Type II, ISO 27001, HIPAA, or FedRAMP?
No, we do not currently hold any formal compliance certifications or attestations.
Encryption Key Management
Q: Does your platform support customer-managed encryption keys (e.g., BYOK) via Azure Key Vault?
No, customer-managed encryption keys are not supported.
Data Retention and Deletion
Q: What is your standard data retention period for temporarily stored reminder content?
There is no fixed retention period for temporarily stored reminder content; the data is retained until the user deletes it.
Q: What happens to user settings and data after the license expires?
After the license expires, user settings are preserved for up to 6 months and then permanently deleted.
Q: Can customers request full data deletion, and are there any system-level backups beyond customer control?
Yes, customers can request full data deletion. System-level backups are performed automatically and are managed by Microsoft.
Security Logging and Monitoring
Q: Do you support security monitoring features such as failed login tracking?
Failed login tracking is not possible, as authentication is managed by Microsoft and is not visible to us.
Q: Is SIEM integration supported?
We do not currently support SIEM integration.
Q: Is audit logging for administrative actions available?
Audit logging is managed by the standard Azure system.
Cloud Infrastructure Security Controls
Q: Have you implemented internal security tools such as intrusion detection/prevention (IDS/IPS)?
Intrusion detection and prevention are handled by Microsoft; we do not implement any additional controls.
Q: Do you perform vulnerability scanning or penetration testing?
Vulnerability scanning is performed automatically by Microsoft.
Q: Can you provide supporting documentation for these controls?
Documentation is not available beyond what is provided by Microsoft.
Data Processing Agreement (DPA)
Q: Do you have a standard DPA available for enterprise customers?
No, a standard Data Processing Agreement is not available.
Location of Temporary Data
Q: Is temporarily stored email content restricted to a specific Azure region?
By default, temporarily stored email content is located in North America, but we can store some data in Europe if required by the customer’s tenant region.