Dureach’s Commitment to Trust
This Trust Center brings together the main legal, privacy, security, and service-status information available on the Dureach website. It is designed to help customers, partners, and visitors understand where to find core policies and how to contact the right team for sensitive requests.
Navigation: Legal | Privacy | Compliance | Security | Status
Legal
The below are the key legal documents and policies that govern dureach’s services:
Data Governance and Privacy at Dureach
Overview
Dureach provides workflow software and related services for teams using research, outreach, publishing, website, and operator-reviewed execution workflows.
Depending on the workflow being used, Dureach may process account information, workspace activity, business contact data, and user-provided inputs needed to operate the service and support customer requests.
Dureach aims to limit data use to business-relevant contexts and operational needs. Dureach does not intend for the service to be used for sensitive personal data such as health records or financial account information.
Additional details about privacy requests and data handling are available on the Privacy page and Remove My Data Policy.
This page is intended as a central starting point for trust-related review. It summarizes where to find legal documents, how to contact the right team, and which areas of privacy, compliance, and security are addressed on the public website.
Data Privacy
At Dureach, privacy and security are top priorities for us. Dureach understands the importance of protecting the critical business and personal information entrusted to Dureach by its customers.
For privacy inquiries, please contact [email protected].
Dureach and the GDPR
The EU’s General Data Protection Regulation (GDPR) strengthens the rights of EU individuals regarding how their personal data is used & collected.
Dureach is headquartered in the United States. However, some of our enterprise customers may be based in the EU or engage in other activities that require them to comply with the GDPR.
Today, thousands of organizations rely on Dureach as the data backbone for their cutting-edge sales & marketing efforts. We know that our customers take GDPR seriously and need vendors that can help accommodate their GDPR needs. Our legal, operations, and product teams therefore, consistently ensure that we have appropriate product safeguards, policies, and knowledge to facilitate our customers’ continued use of dureach via our Platform and APIs.
Legal basis
Where applicable, Dureach processes data under the legal bases that fit the specific service context, including customer instructions, legitimate interests, and other lawful grounds as appropriate.
Legitimate Interest
Many advanced privacy regimes require that personal data must be obtained and processed lawfully and fairly. Personal data should be collected and processed based on a legitimate purpose, after balancing the interests of the organization against the interests and rights of the individual whose data is processed.
Dureach seeks to limit data collection to what is necessary for service delivery, support, security, and related business operations.
Individuals can exercise applicable rights and submit requests through our privacy process.
Finally, Dureach follows data minimization principles and aims to collect only the information necessary for the relevant purpose.
Compliance
People, process and technology are all considerations in how we approach information security and data privacy. To validate the effectiveness of our internal security controls, we engaged an independent auditor to assess our compliance with a framework which is specifically designed for software-as-a-service (SaaS) providers. Our security program is evaluated using AICPA’s SOC 2 Trust Services Criteria aligned with the controls contained in the COSO 2013 framework.
Dureach is SOC 2 Type 2 Compliant
Security
Dureach has implemented a security strategy that is largely influenced by emerging trends in the cybersecurity field and common threats that impact businesses in the technology sector. We maintain a security team which provides executive-level oversight and approval for security and compliance policy initiatives.
Personnel Security
We perform comprehensive background screenings on all new employees. All employees are required to sign non-disclosure agreements at the time of hire. Completion of our awareness and training program is required for all new hires as part of their onboarding plan. Ongoing refresher training activities are carried out throughout the year and participation is tracked.
Cloud and Network Architecture
Dureach utilizes Amazon Web Services and Google Cloud Platform data centers located in the United States. The AWS and GCP cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices.
Protecting Customer Data
Dureach supports TLS v1.2 and TLS v1.3 encryption to protect communications. Data is encrypted at rest using AES-256 bit encryption while in storage.
Incident Reporting
If you have any questions about Dureach’s security program or you need to escalate a security concern, please contact us at [email protected]. We have a team responsible for security incident response that can assist.
Status
You can subscribe to real-time notifications about operational incidents and access status information about performance by visiting our status page at https://dureach.com/uptime.