Welcome to the Conversica Trust Center. We recognize that trust is built on transparency and earned with experience. For more than a decade we have been providing AI-powered digital assistant solutions from a SaaS platform, and we have implemented numerous safeguards to protect the data which our customers entrust to us.
Yes. We have processes in place to honor data subject requests. If we receive a request directly from a data subject for whom a Customer is the data controller, we will relay the request to the Customer for their response.
Yes. Every new vendor is reviewed prior to contracting pursuant to our Vendor Security Management Policy. This process includes a determination of whether the vendor will have access to personal data and a review of the vendor's security certifications and data protection controls to determine their adequacy. Key vendors are reviewed annually as part of our ISO 27001:2022 Information Security Management System.
Yes. Conversica has been certified by an independent auditor for compliance with the following standards: SOC II Type 2 Security Trust Principle and ISO/ICE 27001:2022. In addition, Conversica annually self-certifies its adherence to the EU-US Data Privacy Framework and UK extension thereto.
Yes. We have processes in place to honor data subject requests. Conversica will export, correct, or delete personal data for which a Customer is the data controller upon the Customer's request. If we receive a request directly from a data subject, we will work with the associated customer to honor the request.
No.
Conversica does utilize sub-processors who are listed at https://www.conversica.com/sub-processor/list-of-subprocessors/ All Customer Data is stored in Amazon Web Services data centers. The other sub-processors may or may not see a particular Customer’s data depending on which Conversica products and services that Customer is using.
Our clients utilize our conversational AI solutions to grow their revenue by attracting, acquiring, and better serving their customers. AI powers the revenue digital assistant (“RDA”) conversations which our customers deploy for this purpose. Our machine learning models deploy natural language processing, understanding, and generation using relevant, publicly available, anonymized data sets along with anonymized data derived from these RDA conversations. Our proprietary AI solutions use this data to continually learn and advance our analysis of the intent of those individuals engaging in the RDA conversations. This enhances the conversational models deployed by each RDA to continually improve their performance and predictive abilities, leading to high-quality experiences and outcomes.
With respect to the personal data which Conversica receives from its Customers and processes to initiate conversations with their prospects or customers, Conversica is a data processor. With respect to the data Conversica receives in connection with its own marketing efforts, Conversica is a data controller.
We certify to and rely on the EU-U.S. Data Privacy Framework, the United Kingdom (“UK”) extension thereto, and the Swiss-U.S. Data Privacy Framework as the primary transfer mechanisms. In addition, as a secondary mechanism we enter into the EU-approved Standard Contractual Clauses for cross-border transfers originating in the EU and similar contractual clauses for cross-border transfers originating in the UK.
Only Conversica personnel, such as customer support technicians, who need to access customer data in order to perform the ordered services will have access to customer data.
Yes. Conversica undergoes annual external penetration testing and semi-annual application penetration testing conducted by nationally recognized firms.
Conversica's Director of Information Security manages our audited and certified information security management system (ISMS) and is a member of our cross-functional security team, which includes members of our DevSecOps, legal, and sotware development teams. An executive management committee oversees the ISMS program and meets on a regular basis to consider security and compliance matters.
You can contact us via email us at security@Conversica.com.
Conversica continuously scans and monitors our production environment to detect possible intrusion and performs static and dynamic code analysis on a regular basis.
Yes. Customer data is encrypted at rest using AES 256 and in transit using TLS 1.2.
No. But if you choose to use our website chat feature you would need to download an small amount of open-source Javascript code to deploy the chat feature. Also, if your company used salesforce as its CRM system and you wanted to transfer data from it to Conversica via the Conversica API, you could download the Conversica app from the salesforce appexchange to faciliate this transfer.
Conversica has a responsible disclosure program which is similar to a bug bounty program. Please see the applicable policy at https://www.conversica.com/responsible-disclosure-policy/.
Yes. Conversica backs up Customer data in geographically zones that are different than where production data and systems are stored. Data is backed up on a daily basis.
Our IVAs initiate conversations with individuals on behalf of a customer via email and/or text utilizing contact information provided by the customer. To initiate a conversation by email with an individual a Conversica IVA would only need the name and email address for the individual although a Coversica customer may choose to provide other data regarding the individual because the use of additional personal data may enable a more productive conversation early on. Often our customers choose to integrate their CRM or DMS systems with Conversica so they can transfer select data back and forth via secure API.
All customer data is hosted in the cloud in the United States on Amazon Web Services facilities.