SECURITY

Crescendo is on a mission to make your workplace more inclusive through continuous, personalized diversity and inclusion education. We take security seriously at Crescendo, and we’re committed to being transparent about our practices to help you understand our approach. Your data is safe with us.

Protecting Customer Data

ENCRYPTION OF DATA IN TRANSIT AND AT REST

Crescendo transmits data over public networks using strong encryption. This includes data transmitted between Crescendo clients and Crescendo services, as well as data transmitted between your messaging platforms (i.e. Slack, Teams, and Google Suite) and Crescendo services. Crescendo supports the latest recommended cipher suites to encrypt traffic in transit, and takes reasonable measures to protect the information we collect from or about you (including your PII) from unauthorized access, use, or disclosure. Crescendo monitors the changing cryptographic landscape and upgrades the cipher suite choices as the landscape changes, while also balancing the need for compatibility with older clients.

Data at rest in Crescendo’s production network is also encrypted. This applies to all types of data at rest within Crescendo’s systems—relational databases, file stores, database backups, etc.

Crescendo services are hosted in Azure data centers. Azure offers state-of-the-art physical protection for the servers and related infrastructure that comprise the operating environment for the Crescendo services.

Each Crescendo customer’s data is hosted in Crescendo’s shared infrastructure and segregated logically by the Crescendo application. Crescendo uses a combination of storage technologies to ensure customer data is protected from hardware failures and returns quickly when requested.

AUTHORIZING ACCESS

To minimize the risk of data exposure, Crescendo adheres to the principle of least privilege—workers are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.

AUTHENTICATION

To further reduce the risk of unauthorized access to data, Crescendo employs multi-factor authentication for administrative access to systems with more highly classified data. Where possible and appropriate, Crescendo uses private keys for authentication.

DATA DISPOSAL

Customer data is removed immediately upon deletion. Crescendo hard deletes all information from currently running production systems. Backups are destroyed within 14 days. Crescendo follows industry standards and advanced techniques for data destruction.

CRESCENDO AND THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

Crescendo is committed to being GDPR compliant. Related routes are available for both customers and end users to retrieve and remove their data from our systems. For more information on data portability and data management, visit our Privacy page.

Personnel Security

Crescendo’s personnel practices apply to all members of the Crescendo workforce (“workers”)—regular employees and independent contractors—who have direct access to Crescendo’s internal information systems (“systems”). All workers are required to understand and follow internal policies and standards.

Before gaining initial access to systems, all workers must agree to confidentiality terms, pass a background screening, and attend security training. This training covers privacy and security topics, including device security, acceptable use, preventing malware, physical security, data privacy, account management, and incident reporting.

Upon termination of work at Slack, all access to Slack systems is removed immediately.

Conclusion

We take security seriously at Crescendo, because every person and team using our service expects their data to be secure and confidential. Safeguarding this data is a critical responsibility we have to our customers, and we work hard to maintain that trust. Should you have any further questions about security at Crescendo, please email security@getcrescendo.co.