Salefusion’s data security and compliance

    All Sugar Market, formerly known as Salesfusion, customer data is housed in a secure SOC 1 & 2 SSAE 16 audited facility at Amazon Web Services, utilizing a multi-tenant environment that is partitioned logically and isolated to prevent unauthorized access.

    • Sugar Market utilizes AES encryption at the 256 bit block size.
    • Sugar Market has rigorous processes and security controls in place, including: physical access controls, data access controls, data transmission controls, and data entry controls.
    • Sugar Market monitors for intrusion detection to ensure that our best-in-class security is constantly maintained and maintains a detailed set of logs for platform user and API activities.
    • In the case of a data breach, Sugar Market will notify customers no later than 72 hours after having become aware of it.
    • Sugar Market utilizes TLS encryption, which is a stronger encryption algorithm that has the ability to work on different ports. Sugar Market sends emails using TLS level encryption in all cases where it is available with the destination mail server.

    For our EU customers, by default all data is hosted in Europe on Amazon Web Services facility in Ireland.

    • Sugar Market is GDPR compliant.
    • Sugar Market participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. Sugar Market Privacy Shield Certification
    • All customer data is stored in our secure facility in Amazon Web Services, which maintains the ISO 27018 certification (standard for protecting Personally Identifiable Information in the cloud).
    • While Sugar Market functions as the data processor rather than a collector, we will continue to build additional submission / consent features that enable our customers to capture a positive opt-in (consent cannot be inferred from silence, preticked boxes or inactivity, etc) to ensure you have easy access to consent records.
    in Data Security

    Reach out to us for help