Our Commitment to Trust
As a key partner in your mobile sales enablement strategy, Modigie is dedicated to earning and maintaining your trust. We accomplish this by ingraining our three pillars of trust into every process in our organization:
Partnering with the Best
Modigie has partnered with Google Cloud and Salesforce, both best-in-class infrastructure providers whose security, compliance, and availability standards are industry leaders.
Modigie has also partnered with Drata to implement real-time security monitoring and OneTrust to assure that privacy and compliance are an integral part of our business processes. This translates into immediate value for all of Modigie’s customers.
Security
Modigie is a San Francisco Bay Area based Software as a Service company that provides clients with highly accurate, timely and current sales enablement information so their sales reps never have to waste time calling the wrong people or using bad contact information again. We pride ourselves on the ultra-high level of process rigor and ethical guidelines that are core to our Trust ethos. When it comes to systems security, Modigie doesn’t cut any corners.
SECURE PEOPLE PROCESSES
Benefit from best in class security schemes as provided by Google Cloud and Salesforce.
Using the proven Drata platform, all staff (employees / contractors / advisors) are subject to:
- International background checks
- Non-Disclosure & Confidentiality Agreements
- Security training (initial and ongoing)
- Automated security testing
- Real-time agent managed monitoring
APPLICATION & API ENDPOINT SECURITY
In addition to the already proven security of Google Cloud and Salesforce, Modigie employs additional layers of security for our application development, testing and support
- 2-Factor Authentication for internal systems
- Strong password and encryption requirements for internal users
- Code analysis & vulnerability scanning
- Ongoing program of penetration testing
Network security
For the processes we can control, Modigie implements proven network security practices that meet or exceed client expectations.
-
- HTTPS encryption enforced at the browser
- Strong encryption enforced at the API endpoint
- Robust application firewalls provided by Google Cloud and Salesforce
- Least privilege access control standards
- Security & Event Monitoring for all Google Cloud processes
- Ongoing program of audit, evaluation and improvement
cloud and information SECURITY
- Robust Google Cloud intrusion detection & prevention
- Hardened API endpoints (strong encryption enforced)
- Encryption of all data in flight and at rest.
- Highly Available & Scalable Infrastructure provided by Google Cloud and Salesforce
- Full backup of all internal processing data taken multiple times daily provides high confidence of near zero data loss.
RISK MANAGEMENT PRACTICES
- Drata provides real-time, agent controlled people process & equipment security
- Google Cloud & Salesforce provide robust access control & monitoring
- SOC 2 Type 1 certified practices
- OneTrust Compliance platform
- Strong vendor vetting
- Robust set of governance policies
Privacy
Modigie processes information on behalf of clients that intend to use it for legitimate business to business marketing purposes. Modigie clients are required to affirm that they have the right to use the information sent to Modigie for validation and enrichment and intend to use it for business to business purposes. Clients may use the information we provide to contact you in order to market products and/or services to the individual’s employer company. Modigie does not engage with organizations that market to individual consumers.
Categories of personal data concerned
Modigie clients gather business contact information on individuals working in certain business organizations through means not known to Modigie. The information provided to Modigie by clients is:
- Name
- Business Email Address
- Phone Number
- Company
- LinkedIn URL (Optional)
Modigie uses this information to validate and enrich client information so they can better serve their target clients. Modigie does not collect information such as home addresses, government identification numbers, or sensitive personal data.
CATEGORIES OF B2B Customers TO WHOM THE PERSONAL DATA HAS OR WILL BE DISCLOSED
The categories of Modigie clients (and their employees) that may have or will request Modigie to enrich their data are comprised of, but not limited to, business-to-business (B2B), sales, marketing, and recruiting professionals at organizations who have purchased a Modigie solution.
DATA RETENTION POLICY
Modigie is a validation and enrichment engine for prospect contact information and endeavors to provide the most timely and accurate information possible. Therefore, Modigie validates each record request, regardless of the amount of times it has been requested by any client, in real-time. As a result, it is important to understand that Modigie is not a database and does not store personal data for future client retrieval. No client can “query” Modigie and look up a record from a list of existing records. All requests are treated as new and all request data sent back to the client is logically forgotten as soon as it is processed. Modigie does maintain transaction log files for performance analysis and customer service purposes. These log files are encrypted and not accessible by any API or query except for Modigie’s internal use to measure system performance and provide customer support. Log files can only be accessed by internal Modigie Support and are purged periodically as per our Data Retention Policy.
RIGHT TO REQUEST RECTIFICATION, OBJECTION OF PROCESSING, RESTRICTION OF PROCESSING, OPT-OUT OF SALE, and/or ERASURE OF PERSONAL DATA
Modigie has appropriate processes and procedures in place to honor all requests of data subjects as they relate to the rights set forth in the GDPR, CCPA, and any other applicable data protection regulation. Data subjects may exercise these rights at any time, and free of charge by following this link.
RIGHT TO LODGE A COMPLAINT WITH SUPERVISORY AUTHORITY
If you feel that we have not complied with the regulation, you have the right to lodge a complaint with the appropriate supervisory authority in your country.
ANY AVAILABLE INFORMATION AS TO THE SOURCE OF THE PERSONAL DATA
Modigie gathers information from several sources, which includes websites, third party data providers, through first-hand research, and other information found in the public domain.
EXISTENCE OF AUTOMATED DECISION MAKING
There is no existence of automated decision making, including profiling. At our customers request, Modigie treats each record individually and does not store information for future retrieval. It is important to remember that Modigie is not a database, we are a real-time validation and enrichment system that delivers today’s sales information, today.
Compliance
At Modigie, trust is a core ethos, and nothing is more important than the success of our customers and the protection of their data. Modigie enables our customers to build trusted relationships leveraging the mobile channel and this includes protecting individual privacy through compliance with global data protection laws. Modigie is committed to both complying with applicable data protection laws when providing services to our customers as a processor, and to ensuring that our customers can use our services while complying with their own obligations under applicable data protection laws. We view compliance as a partnership. As part of our commitment to our customers, we’ve achieved SOC 2 Type 1 certification to demonstrate our corporate commitment to our clients, applicable data subjects and the global community.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU residents and provides individuals rights to exercise control over their data. We are committed to our customers’ success, including supporting them on their GDPR compliance journeys.
Modigie does not currently enter into contracts with companies that require our systems to process personal data that is subject to GDPR. For situations when this type of data may be sent to Modigie by mistake, we have partnered with OneTrust to enable applicable, valid data subjects to make a request. More information can be found here.
CALIFORNIA CONSUMER PROTECTION ACT (CCPA)
Modigie is committed to complying with all applicable regulations that affect our business. This includes the California Consumer Protection Act (CCPA). In order to comply with the CCPA, Modigie is registered as a Data Broker in California. Our registration can be validated on the CA DOJ website here. Modigie is committed to adhering to all applicable regulations and has partnered with OneTrust to provide a mechanism for consumers to make a request to Modigie as it applies to the CCPA or other applicable US regulations using this link here.
Telephone Consumer Protection Act (TCPA)
The Telephone Consumer Protection Act was enacted by Congress in 1991 to protect consumers from unwanted solicitation telephone calls. This law intends to protect consumers by imposing financial penalties on companies that ignore individuals requests to not receive consumer solicitation phone calls. The TCPA is a business to consumer law and does not broadly apply to Business to Business outreach. Modigie is not a database and does not maintain any “Do-Not-Call” information. Further, Modigie does not enter into contracts with clients that make direct to consumer marketing calls which may be subject to the TCPA. If you feel that you have been improperly contacted, we recommend that you reach out to the firm from which you were called and ask to be put on their “Do-Not-Call” list and update your contact information with the Federal Government: https://www.donotcall.gov/