Riva Cloud Information Privacy - What Information is Retained?

Article ID: 255
Last updated: 23 Mar, 2017

Outline of the information privacy and data retention policy:

Riva Cloud Data Architecture

The best way to think of Riva Cloud is as an information straight pass-through architecture. Unlike a BlackBerry Enterprise Server, Novell Data Synchronizer, Good Technologies, or other data sync solutions, Riva Cloud does not retain a copy of your email messages, address books, calendar, or other CRM data. Riva Cloud does a data redirect. It transfers emails and CRM data without actually storing any of the personal data on the Riva Cloud data storage systems.

Data Center and Certifications

Riva Cloud is hosted on the Amazon Infrastructure.

Additional details on the following items are available here: http://aws.amazon.com/security/.

Certifications

  • SOC 1/SSAE 16/ISAE 3402
  • SOC 2
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 27001
  • FIPS 140-2

Compliance

  • HIPAA
  • CSA
  • MPAA

Collecting Information

As a core principle, during synchronization, none of the Riva components cache or write the message content of emails or store any private information for opportunities, cases, quotes, projects, contacts, accounts, appointments, etc. to any persistent storage on the Riva servers at any time. This information is retrieved, received, converted, transformed, and transmitted, and an absolute minimal information sub-set is stored.
 
In order to synchronize, Riva persists certain minimum types of information for core functionality and performance improvement. Some of this information includes data fields like the unique record database ID, modification date time stamps, and item change revisions. This information is kept in persistent storage unique to each user. This persistent storage is referred to as the transaction database or as metadata.

If the metadata is opened using query tools, it is not possible to re-create the item or to determine any details about the content that had previously synchronized from the information stored in the metadata.  The metadata alone cannot be used to build or restore any information that has been previously synchronized.

Riva considers content fields to be fields like email or appointment subject, location, body, attachments, attendee lists, or recipients lists. These fields and those like it which contain “content relevant to the record intention” is never stored in the metadata.

For performance reasons, by default, Riva stores a dynamic mapping of email addresses and website domains for related contacts and accounts that have been synchronized. This avoids the additional network communication required for common relationship look-ups when the information is available for items that have already processed. This greatly improves scalability and reduces synchronization times when handling relational data in reference to email recipients and appointment attendees. Additional configuration can adjust this behavior so that the raw values are not stored resulting instead in a hash of the email addresses or optionally this optimization can be completely disabled to ensure data privacy.

Communication and Network Traffic Encryption

All communication / network traffic between the end user and the Riva web interface is encrypted with industry standard SSL certificates (thawte, Inc. - Extended Validation SSL).

The communication / network traffic between the Riva Cloud synchronization service and each target system depends on the URL provided during the connection wizard process. If the URL starts with https://, Riva establishes a secure tunnel via SSL to the HTTP service. The use of HTTPS is always recommended whenever possible and available.

Requesting Access to Collected Information

Riva Cloud provides a multi-tenant or a single-tenant synchronization service. Each user's information is stored in separate databases. Each synchronized user receives a unique database. Companies that are interested in reviewing information that is being cached for their accounts can receive a link to the meta directory information to see what is being cached. To request a copy of this information, contact the Riva Success Team.

Riva Cloud Activity Logging

Riva keeps certain limited information in log files in order to carry out troubleshooting activities and to allow each user and account administrator to keep track of the synchronization process. Companies can view their activity data logs and logged information at any time by selecting the View Synchronization button in the Riva Cloud interface.

Riva Cloud log files are deleted on a scheduled basis to reduce storage requirements. The information Riva Cloud writes to the log files is limited (email addresses, subject line of object types that are being synchronized, archived, or SmartConverted). Riva Cloud retains the name of the folder in which the SmartConvert or email archive process is carried out. The content of a synchronized email, appointment, contact, opportunity, or other object type is never kept in persistent storage by Riva and is, therefore, not kept in cache or in the log files. A sample of a Riva Cloud log file is found as an attachment at the bottom of this article.

Restricted Access to Riva Cloud Diagnostics Log Files

Riva access to the Riva Cloud log files is restricted to the Riva Chief Architect and the Riva CTO.

This article was:   Helpful | Not helpful Report an issue


Article ID: 255
Last updated: 23 Mar, 2017
Revision: 10
Views: 4013
Comments: 0
Attached files
item crmex-log (2011-12-5)-8.txt (33 kb) Download

Prev     Next
Background Technical Information       How Does Riva Communicate with Exchange?


Back to Top