Riva Cloud - Operations Policy Overview - What Information is Retained?

Article ID: 255
Last updated: 06 Mar, 2019
There is a more up-to-date version of this article. See http://www.rivacrmintegration.com/trust/.

Outline of the information privacy and data retention policy:

Riva Cloud Data Architecture

The best way to think of Riva Cloud is as a straight pass-through architecture for information.

Riva acts as a bridge that interconnects multiple data systems together, allowing information to flow between data systems based on a policy-driven, rules-based, centralized configuration. Riva will detect changes to data, transform the data, and synchronize the changes.

Unlike many other data sync solutions, Riva Cloud does not retain a copy of all your email messages, address books, calendar, or other CRM data. Riva Cloud uses a "read and forward" style data redirect, allowing transfers of emails and other CRM data without actually persisting any of the personal data on the Riva Cloud data storage systems.

Data Center and Certifications

Riva Cloud is hosted on the Amazon Infrastructure. 

Riva Cloud is available to customers globally, but your data shouldn’t be. With transparency and data residency in mind, Riva has announced specific local regional availability.  More details are available here.

Our team uses all reasonable efforts to secure our computing and cloud infrastructure environment reflecting generally accepted industry standard logical security controls designed to ensure the security and integrity of client data.

Additional details on the following items are available here: http://aws.amazon.com/security/.

Certifications

  • SOC 1/SSAE 16/ISAE 3402
  • SOC 2
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 27001
  • FIPS 140-2

Compliance

  • HIPAA
  • CSA
  • MPAA

Collecting Information

As a core principle, during synchronization, none of the Riva components persist message content of emails or store any private information for opportunities, cases, quotes, projects, contacts, accounts, appointments, etc. to any long-term storage on the Riva servers at any time. This information is retrieved, received, converted, transformed, and transmitted, and only an absolutely minimal subset of information is stored.
 
In order to synchronize data between systems, Riva persists certain minimum types of information for core functionality and performance improvement. Some of this information includes data fields like the unique record database ID, modification date time stamps, and item change revisions. This information is kept in persistent storage unique to each user. This persistent storage is referred to as the transaction database or as metadata.

If the metadata is opened using query tools, it is not possible to re-create the item or to determine any details about the content that had previously been synchronized from the information stored in the metadata. The metadata alone cannot be used to build or restore any information that has been previously synchronized.

Riva considers content fields to be fields like email or appointment subject, location, body, attachments, attendee lists, or recipient lists. These fields, and those like them that contain “content relevant to the record intention”, are never stored in the metadata.

For performance reasons, by default, Riva stores a dynamic mapping of email addresses and website domains for related contacts and accounts that have been synchronized. This avoids the additional network communication required for common relationship look-ups when the information is available for items that have already been processed. This greatly improves scalability and reduces synchronization times when handling relational data in reference to email recipients and appointment attendees. On a per-customer basis, additional configuration can adjust this behavior so that a hash of the email addresses is stored instead of the raw values, or, optionally, this optimization can be completely disabled to ensure data privacy.

Communication and Network Traffic Encryption

Whenever possible, communication / network traffic between the end user and the Riva Cloud and Riva marketing web interface is encrypted with industry-standard SSL certificates, using recent versions of TLS.

The communication / network traffic between the Riva Cloud synchronization service and each target system depends on the URL provided during the connection wizard process. If the URL starts with https://, Riva establishes a secure tunnel via SSL/TLS to the target HTTP web service. The use of HTTPS is always recommended whenever possible and available.

Requesting Access to Collected Information

Riva Cloud provides a multi-tenant or a single-tenant synchronization service. Each user's information is stored in separate databases. Each synchronized user receives a unique database. Companies that are interested in reviewing information that is being cached for their accounts can receive a link to the meta directory information to see what is being cached. To request a copy of this information, contact Riva’s Data Privacy Officer.

Riva Cloud Activity Logging

Riva keeps certain limited information in log files in order to carry out troubleshooting activities and to allow each user and account administrator to keep track of the synchronization process. Companies can view their activity data logs and logged information at any time by selecting the View Synchronization button in the Riva Cloud interface.

Riva Cloud log files are deleted on a scheduled basis to reduce storage requirements. The information Riva Cloud writes to the log files is limited (email addresses, subject line of object types that are being synchronized, archived, or SmartConverted). Riva Cloud retains the name of the folder in which the SmartConvert or email archive process is carried out. The content of a synchronized email, appointment, contact, opportunity, or other object type is never kept in persistent storage by Riva and is, therefore, not kept in cache or in the log files. A sample of a Riva Cloud log file is found as an attachment at the bottom of this article.

Restricted Access to Riva Cloud Logging

Internal access to the Riva Cloud audit, activities and diagnostics is highly restricted.  Audit logs are maintained for up to 7 years.

Revision: 13
Attached files: crmex-log (2011-12-5)-8.txt (33 kb)
