SugarCRM SupportPoliciesData ProtectionSugar Market's Data Security and Compliance Statement

Sugar Market's Data Security and Compliance Statement

 

All Sugar Market customer data is housed in a secure SOC 1 & 2 SSAE 16 audited facility at Amazon Web Services, utilizing a multi-tenant environment that is partitioned logically and isolated to prevent unauthorized access.

  • Sugar Market utilizes AES encryption at the 256 bit block size.
  • Sugar Market has rigorous processes and security controls in place, including: physical access controls, data access controls, data transmission controls, and data entry controls.
  • Sugar Market monitors for intrusion detection to ensure that our best-in-class security is constantly maintained and maintains a detailed set of logs for platform user and API activities.
  • In the case of a data breach, Sugar Market will notify customers no later than 72 hours after having become aware of it.
  • Sugar Market utilizes TLS encryption, which is a stronger encryption algorithm that has the ability to work on different ports. Sugar Market sends emails using TLS level encryption in all cases where it is available with the destination mail server.

For our EU customers, by default all data is hosted in Europe on an Amazon Web Services facility in Ireland.

  • Sugar Market is GDPR compliant.
  • All customer data is stored in our secure facility in Amazon Web Services, which maintains the ISO 27018 certification (standard for protecting Personally Identifiable Information in the cloud).
  • While Sugar Market functions as the data processor rather than a collector, we will continue to build additional submission/consent features that enable our customers to capture a positive opt-in (consent cannot be inferred from silence, pre-ticked boxes or inactivity, etc.) to ensure you have easy access to consent records.