
Privacy and Security at DataGroomr

Learn about our governance, risk, and privacy compliance practices


Privacy and security at our core

As a data integrity solution provider, DataGroomr understands the paramount importance of data security and privacy. Our unwavering commitment to safeguarding our customers’ sensitive information is at the core of our operations, including software development and technical support.

We combine enterprise-level security with extensive audits of our application, systems, and networks to ensure customer and business data is always protected. You can rest assured knowing your data is safe, your interactions are secure, and your business is protected.

Privacy by Design

Customer data is never stored. All metadata is encrypted in transit and at rest.

Regulatory Compliant

DataGroomr is SOC 2, GDPR, and HIPAA compliant.

Regular Security Audits

Audited by Salesforce security and third-party penetration tested. 

Security Trimmed by Salesforce

You control the permissions for DataGroomr's access to the Salesforce API.

Certified Salesforce ISV

Before any ISV application can be publicly listed on Salesforce AppExchange, it must pass a security review, which includes how well it protects customer data. To help identify security vulnerabilities, Salesforce security review teams test our applications with threat-modeling profiles based on common web vulnerabilities. The teams attempt to penetrate our defenses with the goal of extracting or modifying data that they don’t have permission to access, just as security threats attempt to do. 

SOC 2 compliance

A voluntary compliance standard for technology companies with cloud-based products, SOC 2 specifies how an organization should manage customer data. The AICPA (American Institute of Certified Public Accountants) sets compliance guidelines which ensure services are secure, available, and confidential and that information security best practices are in place. 

DataGroomr has taken information security and compliance very seriously and built our solution around being SOC 2 compliant from the start. Our SOC 2 Type 2 report is simply official proof that we comply with the globally recognized information security standard, which recognizes concrete data protection practices and ensures that your data remains protected throughout its lifecycle within our platform.


HIPAA compliance

HIPAA, the Health Insurance Portability and Accountability Act, sets national standards for safeguarding patient health information, particularly in electronic healthcare transactions. It mandates stringent confidentiality and security measures, ensuring the responsible use and disclosure of health information while granting patients access and correction rights to their health records.  

DataGroomr’s HIPAA certification not only aligns with regulatory standards but also reinforces our commitment to maintaining the highest data security and privacy standards. Customers needing or opting for the use of protected health information (PHI) within their DataGroomr instance can rest assured that they are using a secure and reliable solution. 


GDPR compliance

DataGroomr is committed to protecting the privacy and rights of individuals whose personal data is processed within our application. To ensure that DataGroomr adheres to the requirements set forth in the General Data Protection Regulation (GDPR), we’ve implemented key measures and processes including:

  • having a Data Processing Agreement (DPA) in place with Salesforce
  • collecting and processing only necessary data and not retaining it for longer than necessary
  • ensuring data security
  • implementing privacy-enhancing features and settings by design and default


Privacy policy

DataGroomr’s privacy policy covers our treatment of data gathered when you are accessing or using DataGroomr.com or the DataGroomr app.


Is DataGroomr secure?

Yes. Our app is subject to a Salesforce security review, which it passed the first time! As an AppExchange Partner, our app is also subject to regular security audits from Salesforce. Keeping your data secure is a top priority for DataGroomr and we’ll continue to experiment with emerging technologies to ensure that it always stays that way.

What data does DataGroomr store?

DataGroomr does not store customer data. DataGroomr only stores IDs of the records and the metadata about the objects that are added to DataGroomr (list of fields and their types).

Is DataGroomr GDPR compliant?

Yes. As described above, DataGroomr does not store your data, which significantly reduces the risk profile. Additional documentation, including a DPA, is available upon request.

Is DataGroomr HIPAA certified?

Yes, DataGroomr has achieved HIPAA compliance, which ensures top-tier data security and patient confidentiality for customers, especially those in the healthcare sector. This compliance allows DataGroomr to enter into Business Associate Agreements (BAAs) with customers needing or opting for the use of protected health information (PHI) within their DataGroomr instance.

How are Salesforce credentials handled?

DataGroomr is authorized to work with Salesforce through the OAuth 2.0 protocol. Your Salesforce credentials never touch DataGroomr servers. Salesforce OAuth tokens are securely hashed with salt (which adds an additional layer of security to the hashing process) and stored in the encrypted DataGroomr database.

How does DataGroomr communicate with Salesforce CRMs?

When opening a group of duplicates, DataGroomr employs a sophisticated algorithm to make a secure Salesforce API call (via REST or SOAP authorized by Salesforce OAuth) to pull the data in real-time for user review. Once the group is closed, the data is released.

What type of encryption does DataGroomr use?

DataGroomr utilizes 2048-bit SSL encryption in transit and at minimum AES-256 encryption at rest.

How often does DataGroomr conduct security audits?

As an application listed on the Salesforce AppExchange, DataGroomr is subject to a mandatory annual security audit. Every year, DataGroomr has passed Salesforce’s intensive audit without fail. Internally, we perform security audits each time a release goes out (often more frequently).

What type of SOC 2 compliance has DataGroomr met?

DataGroomr has been audited and met certification requirements for SOC 2 Type II in all 5 trust principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy.