Security at Conversica

Yes. We have processes in place to honor data subject requests. If we receive a request directly from a data subject for whom a Customer is the data controller, we will relay the request to the Customer for their response.

Yes. Every new vendor must be vetted by the Legal and Security teams. This process includes completion of a detailed questionnaire, analysis of whether the vendor will have access to personal data, and submission of their security certifications.

Yes. We have processes in place to honor data subject requests. Conversica will export, correct, or delete personal data for which a Customer is the data controller upon the Customer's request. If we receive a request directly from a data subject, we will work with the associated customer to honor the request.

No.

Conversica does utilize sub-processors who are listed at https://www.conversica.com/sub-processor/list-of-subprocessors/ All Customer Data is stored in Amazon Web Services data centers. The other sub-processors may or may not see a particular Customer’s data depending on which Conversica products and services that Customer is using.

Our clients utilize our conversational AI solutions to grow their revenue by attracting, acquiring, and better serving their customers. AI powers the intelligent virtual assistant (“IVA”) conversations which our customers deploy for this purpose. Our machine learning models deploy natural language processing, understanding, and generation using relevant, publicly available, anonymized data sets along with anonymized data derived from these IVA conversations. Our proprietary AI solutions use this data to continually learn and advance our analysis of the intent of those individuals engaging in the IVA conversations. This enhances the conversational models deployed by each IVA to continually improve their performance and predictive abilities, leading to high-quality experiences and outcomes.

With respect to the data collected and stored by our Customers, the Customer is the Data Controller, and Conversica is the Data Processor. We will enter into a Data Processing Agreement or DPA with any Customer that requests one.

We utilize the EU-approved Standard Contractual Clauses for cross-border transfers originating in the EU and similar contractual clauses for cross-border transfers originating in the UK.

Yes. Conversica undergoes annual application and network penetration tests conducted by nationally recognized firms.

Conversica maintains an information security management system (ISMS), including the adoption and enforcement of internal policies and procedures, designed to minimize security risks through risk assessment, regular testing, and mitigation. Our head of security, who holds CISSP, CISM, MIS certifications, directs the program and leads regular infosec team meetings. An executive management committee (ISMC) oversees the ISMS program and meets on a regular basis to consider security and compliance matters.

You can contact us via email us at security@Conversica.com.

Conversica continuously scans and monitors our production environment to detect possible intrusion and performs static and dynamic code analysis on a regular basis.

No. But if you choose to use our website chat feature you would need to download an small amount of open-source Javascript code to deploy the chat feature. Also, if your company used salesforce as its CRM system and you wanted to transfer data from it to Conversica via the Conversica API, you could download the Conversica app from the salesforce appexchange to faciliate this transfer.

Conversica does not have a bug bounty program at this time.

Yes. Conversica utilizes geographically separate environments to backup Customer data. Data is backed up at minimum on a daily basis.

Our IVAs initiate conversations with individuals on behalf of a customer via email and/or text utilizing contact information provided by the customer. To initiate a conversation by email with an individual a Conversica IVA would only need the name and email address for the individual although a Coversica customer may choose to provide other data regarding the individual because the use of additional personal data may enable a more productive conversation early on. Often our customers choose to integrate their CRM or DMS systems with Conversica so they can transfer select data back and forth via secure API.