Dureach’s Commitment to Trust
We do our best to safeguard it by investing in security and honoring privacy principles as core tenets of our business. Our Trust Center provides helpful information about our legal terms of service, data privacy and compliance practices, security measures and our service performance. We’re here to help!
Navigation: Legal | Privacy | Compliance | Security | Status
Legal
The below are the key legal documents and policies that govern dureach’s services:
Data Governance and Privacy at Dureach
Overview
Dureach is a B2B marketing data engine that helps businesses discover and attract more ideal prospects, personalize their marketing and sales interactions, and enrich and inform their go-to-market systems.
Our Services are designed to help our customers and partners in a wide variety of ways, including by helping them determine which companies might make the best customers, identify the contacts within those organizations by department, role or seniority that might improve or expedite their interactions with those companies, and enabling them to personalize their interactions with those companies.
Dureach processes B2B data for your use within a business context, regardless of where an individual is based, across all of our solutions. This is essentially information that is available on someone’s business card, email signatures or company websites. Dureach does not collect or process sensitive personal data, such as health records, financial information, or economic status.
Our proprietary indexing systems (“Dureach Indexers”) collect information from a variety of sources in order to compile “Attribute Data” about corporations, non-profits, and similar entities (“Companies”) and the professionals that work for them (“Professionals”). A complete list of Attribute Data we make available to users of the Site and Services (defined below) can be found on our Attribute Data directory.
Dureach acquires the data used in our Services from our customers that use certain enrichment services, public datasets, third-party paid sources and when users use our free tools such as Dureach Connect.
Data Privacy
At Dureach, privacy and security are top priorities for us. Dureach understands the importance of protecting the critical business and personal information entrusted to Dureach by its customers.
Dureach is a registered data broker in California, and is subject to CCPA (California Consumer Privacy Act) and other applicable US privacy laws. We’re aligned with the General Data Protection Regulation (GDPR) principles. We continue to bolster our already-strong data protection practices by continuously evaluating and updating our company privacy policies and practices.
For privacy inquiries, please contact [email protected].
Dureach and the GDPR
The EU’s General Data Protection Regulation (GDPR) strengthens the rights of EU individuals regarding how their personal data is used & collected.
Dureach is headquartered in the United States. However, some of our enterprise customers may be based in the EU or engage in other activities that require them to comply with the GDPR.
Today, thousands of organizations rely on Dureach as the data backbone for their cutting-edge sales & marketing efforts. We know that our customers take GDPR seriously and need vendors that can help accommodate their GDPR needs. Our legal, operations, and product teams therefore, consistently ensure that we have appropriate product safeguards, policies, and knowledge to facilitate our customers’ continued use of dureach via our Platform and APIs.
Legal basis
Some elements of Attribute Data are not collected from data subjects directly; the legal basis for which Dureach’s processes such data includes the legitimate interest of both Dureach and its business customers, among other legal bases as applicable depending on the context. Dureach’s data is processed to provide business intelligence (for sales, marketing, and operations) and help organizations drive revenue by providing users with accurate and up-to-date business information.
Legitimate Interest
Many advanced privacy regimes require that personal data must be obtained and processed lawfully and fairly. Personal data should be collected and processed based on a legitimate purpose, after balancing the interests of the organization against the interests and rights of the individual whose data is processed.
The data collected by Dureach is limited and does not contain any special categories of personal data or data related to children.
Although any personal information about data subjects that we provide our customers access to can be found on business social platforms or during the course of normal business correspondence, we do not collect data directly from the data subjects. As a result, they may not know that their data is in our database. They can always exercise their rights in relation to their data through our Privacy Request Form.
Finally, Dureach follows data minimization principles and only collects data that are strictly necessary to achieve its purposes. Dureach has processes in place to limit the data processed to business contact information which is professional in nature. Through our Privacy Request Form, individuals can claim control over their data.
Compliance
People, process and technology are all considerations in how we approach information security and data privacy. To validate the effectiveness of our internal security controls, we engaged an independent auditor to assess our compliance with a framework which is specifically designed for software-as-a-service (SaaS) providers. Our security program is evaluated using AICPA’s SOC 2 Trust Services Criteria aligned with the controls contained in the COSO 2013 framework.
Dureach is SOC 2 Type 2 Compliant
Security
Dureach has implemented a security strategy that is largely influenced by emerging trends in the cybersecurity field and common threats that impact businesses in the technology sector. We maintain a security team which provides executive-level oversight and approval for security and compliance policy initiatives.
Personnel Security
We perform comprehensive background screenings on all new employees. All employees are required to sign non-disclosure agreements at the time of hire. Completion of our awareness and training program is required for all new hires as part of their onboarding plan. Ongoing refresher training activities are carried out throughout the year and participation is tracked.
Cloud and Network Architecture
Dureach utilizes Amazon Web Services and Google Cloud Platform data centers located in the United States. The AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices.
Protecting Customer Data
Dureach supports TLS v1.2 and TLS v1.3 encryption to protect communications. Data is encrypted at rest using AES-256 bit encryption while in storage.
Incident Reporting
If you have any questions about Dureach’s security program or you need to escalate a security concern, please contact us at [email protected] or by phone to (888) 237-8136. We have a team responsible for security incident response that can assist.
Status
You can subscribe to real-time notifications about operational incidents and access status information about performance by visiting our status page at https://dureach.com/uptime.