Authentication
Chatdesk requires authentication for all application pages and resources, except for those specifically intended to be public. All authentication controls must be enforced on a trusted system, and all authentication controls fail securely.
We enforce the following password requirements and security standards:
Passwords must be a minimum of 10 characters in length and include a mix of uppercase and lowercase letters as well as numbers and symbols. Passwords are hashed. No plaintext passwords are stored.
Each time a user signs into Chatdesk.com, they receive a new, unique session identifier. When signing out, the session cookie is deleted from the client and the session identifier is invalidated on Chatdesk servers.
Security Program
The Chatdesk software development lifecycle (SDLC) includes many activities to foster building security into Chatdesk products:
Defining Security Requirements
Design (threat modeling and analysis, security design review)
Development controls (static analysis, manual peer code review)
Testing (3rd party security vulnerability assessments)
Deployment controls (security, confidentiality, integrity, and availability code reviews, canary release process)
Chatdesk clients (web, desktop, and API) are designed with security that, at a minimum, meets OWASP standards. The software is designed, developed, deployed and tested in accordance with leading industry standards (e.g., OWASP for web applications) and adheres to applicable legal, statutory, or regulatory compliance obligations.
Code Assessments
Automated source code analysis is used to find common defects. Manual source code analysis is performed on security-sensitive areas of code and on new features and components. Independent security researchers are encouraged to report security issues to us at security@chatdesk.com.
Policies
What Data We Collect
To provide an optimum experience to our customers and visitors, we collect various pieces of information. Examples of the types of data that Chatdesk's service collects include the end user's phone number and the date and time of a call or SMS.
Internal Access to Data
Access to Customers' information is restricted within Chatdesk and is only authorized for the purposes of providing direct customer support or for future product enhancements. Chatdesk subcontractors may have access to customer data when analyzing or maintaining infrastructure. Sensitive customer data is never shared with anyone outside of Chatdesk and its subcontractors.
Chatdesk takes the safety and security of your information seriously. We have implemented employee access controls that protect your information from unauthorized use:
Your account data is used only to provide services to you. Chatdesk does not sell, rent, or otherwise disclose the information you provide to us in setting up your account for any other purpose.
We limit access to your content and information to Chatdesk employees who require such information to perform their jobs, or as required to provide support to you.
Chatdesk employees are subject to disciplinary action, including but not limited to termination, if they are found to have abused their access to customer information. Chatdesk customers retain responsibility for ensuring that their use of our service is in compliance with applicable laws and regulations. This is described in the Chatdesk Master Subscription Agreement and online terms, which can be found at https://www.chatdesk.com/terms-of-service.html.
Network Security
Chatdesk regularly updates network architecture schema and maintains an understanding of the data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.
Incident Response
Chatdesk has a Security Incident Response Plan designed to quickly and systematically respond to security incidents that may arise. The incident response plan is tested and refined on a regular basis.
Disaster Recovery
Chatdesk's infrastructure is designed to provide the best experience and to minimize service interruption due to hardware failure, natural disaster, or other catastrophes. Features include:
State-of-the-art cloud providers: We use Microsoft Azure, Google Cloud and Amazon Web Services, which are trusted by thousands of businesses, to store and serve our data and services.
Data replication: To help ensure availability in the event of a disaster, we replicate data across multiple data centers.