There is a more up-to-date version of this article. See http://www.rivacrmintegration.com/trust/.
Outline of the information privacy and data retention policy:
The best way to think of Riva Cloud is as an information straight pass-through architecture. Unlike a BlackBerry Enterprise Server, Novell Data Synchronizer, Good Technologies, or other data sync solutions, Riva Cloud does not retain a copy of your email messages, address books, calendar, or other CRM data. Riva Cloud does a data redirect. It transfers emails and CRM data without actually storing any of the personal data on the Riva Cloud data storage systems.
Riva Cloud is hosted on the Amazon Infrastructure.
Additional details on the following items are available here: http://aws.amazon.com/security/.
As a core principle, during synchronization, none of the Riva components cache or write the message content of emails or store any private information for opportunities, cases, quotes, projects, contacts, accounts, appointments, etc. to any persistent storage on the Riva servers at any time. This information is retrieved, received, converted, transformed, and transmitted, and an absolute minimal information sub-set is stored.
If the metadata is opened using query tools, it is not possible to re-create the item or to determine any details about the content that had previously synchronized from the information stored in the metadata. The metadata alone cannot be used to build or restore any information that has been previously synchronized.
Riva considers content fields to be fields like email or appointment subject, location, body, attachments, attendee lists, or recipients lists. These fields and those like it which contain “content relevant to the record intention” is never stored in the metadata.
For performance reasons, by default, Riva stores a dynamic mapping of email addresses and website domains for related contacts and accounts that have been synchronized. This avoids the additional network communication required for common relationship look-ups when the information is available for items that have already processed. This greatly improves scalability and reduces synchronization times when handling relational data in reference to email recipients and appointment attendees. Additional configuration can adjust this behavior so that the raw values are not stored resulting instead in a hash of the email addresses or optionally this optimization can be completely disabled to ensure data privacy.
All communication / network traffic between the end user and the Riva web interface is encrypted with industry standard SSL certificates (thawte, Inc. - Extended Validation SSL).
The communication / network traffic between the Riva Cloud synchronization service and each target system depends on the URL provided during the connection wizard process. If the URL starts with https://, Riva establishes a secure tunnel via SSL to the HTTP service. The use of HTTPS is always recommended whenever possible and available.
Riva Cloud provides a multi-tenant or a single-tenant synchronization service. Each user's information is stored in separate databases. Each synchronized user receives a unique database. Companies that are interested in reviewing information that is being cached for their accounts can receive a link to the meta directory information to see what is being cached. To request a copy of this information, contact the Riva Success Team.
Riva Cloud Activity Logging
Riva keeps certain limited information in log files in order to carry out troubleshooting activities and to allow each user and account administrator to keep track of the synchronization process. Companies can view their activity data logs and logged information at any time by selecting the View Synchronization button in the Riva Cloud interface.
Riva Cloud log files are deleted on a scheduled basis to reduce storage requirements. The information Riva Cloud writes to the log files is limited (email addresses, subject line of object types that are being synchronized, archived, or SmartConverted). Riva Cloud retains the name of the folder in which the SmartConvert or email archive process is carried out. The content of a synchronized email, appointment, contact, opportunity, or other object type is never kept in persistent storage by Riva and is, therefore, not kept in cache or in the log files. A sample of a Riva Cloud log file is found as an attachment at the bottom of this article.
Restricted Access to Riva Cloud Diagnostics Log Files
Riva access to the Riva Cloud log files is restricted to the Riva Chief Architect and the Riva CTO.