Security, Conformity and Privacy

At Dialog Insight, security is our priority!

Have peace of mind: your data is safe at Dialog Insight!

To comply with applicable laws and protect your data, we have:

  • established strict rules of governance,
  • defined exemplary security measures,
  • set up rigorous control processes,
  • and follow industry best practices.

ISO27001 Certification

Dialog Insight is certified to ISO 27001, an international standard for information security.

The International Organization for Standardization 27001 (ISO 27001) is an information security standard that ensures the confidentiality, integrity and security of offices, development centers, support centers and data centers.

SOC II Compliance

The SOC (System and Organization Controls) certification was created by the American Institute of Certified Public Accountants (AICPA) with the objective of guaranteeing the protection of data against unauthorized access and cyber threats.

Dialog Insight performs annual SOC II audits on information security, availability, processing integrity, privacy and confidentiality.

Data Protection Officer (DPO)

Alain Marceau, Vice-President Finance and Founder, is the Data Protection Officer at Dialog Insight.

To reach him, email dpo@dialoginsight.com or call +1 866 529-6214.

“Data Protection Officer” or “Data Privacy Officer” (DPO) is a term used to designate the “person responsible for setting up and securing the personal data” used by a company. The DPO’s role is to ensure that the company’s processes are properly aligned with the laws and regulations in force in the industry.

Legal compliance

Dialog Insight complies with data confidentiality and privacy laws in Quebec, Canada, the United States, the European Union, and elsewhere in the world.

Our technical teams work with specialist lawyers to ensure that our products and features comply with international spam and privacy laws.

Complies with Law 25 in Quebec

Dialog Insight complies with the new Law 25 requirements. We have:

  • appointed a Data Protection Officer (DPO) whose contact details are published on our website,
  • created a register to collect any information relating to a possible security incident.

In the event of a confidentiality incident, Dialog Insight will immediately notify the Commission d’accès à l’information du Québec (CIAQ) and the persons concerned, if the incident presents a risk of serious prejudice.

Complies with Bill C-28 in Canada

Dialog Insight was the first Canadian company to deploy a solution meeting the requirements of Bill C-28, in order to manage consents.

Through our platform’s consent center, you can easily control explicit and implicit sending rights. You can communicate with your contacts without concern, according to the consents they have granted you.

Complies with GDPR in Europe

Dialog Insight allows you to comply with the regulations in force in the European Union regarding the protection of personal data, such as:

  • The right to be forgotten and the destruction of data on request
  • Data retention
  • Data accessibility

Protection and security of our platform

Communications with the Dialog Insight platform are encrypted using the TLS protocol.

Login pages and API logins are protected against brute force attacks.

Dialog Insight account passwords are secured by a hashing algorithm. No one can access them, not even our team. If you lose your password, it cannot be recovered; it will be reset.

As a security measure, we regularly perform security penetration tests using various external providers. Testing involves high-level server penetration testing, extensive testing for vulnerabilities inside the platform, and social engineering testing.

We also offer single sign-on for connecting to our platform via our customers’ SAML identity provider (IdP). Thanks to this option, a client user who is already signed in to their own system can use the Dialog Insight platform without having to sign in to it, since they are already authenticated by that first system. Dialog Insight strongly recommends the implementation of such a data protection measure.

Protection and security of our data centers

Our data centers are protected, 24 hours a day, 7 days a week, with biometric scanners and state-of-the-art elements in the field of computer security.

We have implemented DDoS attack mitigation measures in all our data centers.

We have a documented infrastructure continuity plan in the event of an attack on our data centers.

Protection, security and backup of your data

All data under our responsibility is saved in highly secure environments with very strict access, and in compliance with the laws in force in their respective countries.

The data of our Canadian customers is hosted in Canada, that of our French customers is hosted in France.

Data is mirrored and regularly backed up offsite.

All databases are kept separately and are protected against corruption and overlap. We have several logic circuits to separate user accounts from each other.

You can decide the level of access you grant to your employees. At any time, you can define the permissions and rules specific to each of your users.

Access to your data by our team is granted only upon approval and is limited to those who absolutely must obtain it to manage your account.

Protection and safety of our working environments

Dialog Insight premises are secured with biometric and key card access. They are monitored by infrared cameras 24 hours a day.

We have an internal security team dedicated to monitoring our environment and looking for possible vulnerabilities. They perform penetration testing and social engineering exercises in our environment and with our employees.

Training and verification of our staff

Dialog Insight trains its employees in security best practices, including how to identify social engineering, phishing scams and hacking.

Teams with access to customer data undergo criminal background checks, as well as pre-employment credit checks.

All employees sign a privacy agreement outlining their responsibility to protect customer data.

To protect our business, we have taken out a comprehensive insurance program that covers:

  • cyber attacks,
  • data privacy incidents (including regulatory fees),
  • incidents relating to liability in the event of errors and omissions,
  • incidents of cyber excess liability,
  • incidents against property and operating losses,
  • general liability incidents of international companies.

Protection against the unexpected

In the event of an incident, if your computer is compromised or someone enters your account, Dialog Insight automatically suspends accounts with irregular or suspicious login activity.

Furthermore:

  • Changing a password automatically triggers an email notification to the account owner.
  • We monitor accounts and campaign activity for any signs of abuse.
  • Complementing the evolving algorithms, we employ human reviewers who monitor anomalous account and email activity.
  • We offer two-factor authentication.
  • We offer the possibility of establishing hierarchical levels of access in accounts.

If in doubt, contact us

If you have discovered a vulnerability in the platform or believe your account has been compromised, contact us by email at dpo@dialoginsight.com.