Trust Us With Your Privacy and Security
Privacy, security and data protection are core to our culture of respect, responsibility and earned trust.
At Directly, all data is covered by a rigorous set of enterprise-level controls, policies, and practices that protect privacy and security.
Our Data Principles
A Core Principle & Differentiator:
Data Ownership, Minimization & Restricted Use
You own and control your data.
|TL;DR: We will never, ever, sell your data to anyone.|
|We minimize and filter the data we process; we do not repurpose data for ANY secondary uses.|
|You own and control your data. Directly processes customer data on behalf of you and your end users. Customer data can be deleted and removed at any time.|
Data Security and Minimization Protocols
|Encryption||Data is transmitted and stored securely from a company’s systems to Directly via SSL encryption and using Directly’s private API key.|
|PII Filters||We use customizable PII filters to redact personal data and information identifiers before any question is routed to an appropriate expert. The selected expert is then able to view only the user’s first name and the request ticket without personal data identifiers (e.g., email address, phone number, social security number, and credit card number have been filtered out).|
De-Identification for Your Customers' Data
|Automatic Redactions of Original Texts From Users||Our system automatically redacts personal data identifiers from users’ questions after 30 days.|
|Customized Redactions and De-Identification of Personal Data||Our redaction process can be customized for your own requirements. For example, you can permanently delete or redact all data (x days after question closes) and this option can be turned on/off only by the customer.|
Independently Verified Compliance, Controls and Assessments
Leading Edge Security Policies & Protocols.
Directly is relentless on security.
Info Security Policy and Protocols
|Confidentiality||Our security measures protect the confidentiality and integrity of customer data. We protect confidentiality through contractual agreements with employees, third-party vendors and other external users. Our policies and authorization controls restrict access to systems that contain customer data, requiring strict authorization for access.|
|Security||Our approach focuses on security governance, risk management, and compliance. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting, and more. Our technical solutions ensure the prevention, detection, containment, and correction of security issues, threats, and vulnerabilities. Directly proactively monitors our platform, services, and networks to identify threats and predict malicious behavior.|
|Availability||You own and control your data. Directly processes customer data on behalf of you and your end users. Customer data can be deleted and removed at any time.|
|Risk Assessment and Third Party Penetration Testing||Our internal risk assessment controls are designed to identify and prevent potential threats to the Company, reduce the likelihood of vulnerabilities being exploited, and assess the overall strength of our security framework. We also retain leading security firms to conduct black-box testing and white-box code audits. Quarterly internal and external network and web application penetration testing protects hosting and DevOps environments. We work closely with a third-party managed bug bounty program, which combines analytics, automated security workflows, and global human expertise to find and fix potential vulnerabilities.|
Transparency & Hosting Options on Data Centers
|Our customers know where our data centers are located, who can access that data, and under what circumstances that data can be accessed.|
|We support a variety of cloud deployment options. Customers can also freely implement any type of preprocessing filtering or data obfuscation or perturbation, and our services team can consult on best practices to filter and minimize data transfer.|
|At any point, you can change your deployment to fit the adapting needs of your business, your geographic presence, and your budget. Since Directly always gives you control of your data, you’ll never be forced to keep your data in a single cloud location.|
Compliance & Policies
|GDPR & CCPA||GDPR and CCPA provide important standards for personal privacy protection, and we’ve built our platform to meet and surpass these requirements. These regulations are designed to protect individuals’ personal data and expand their rights to control its use. The core requirements compel companies to establish and maintain effective data governance throughout the data lifecycle.|
Culture, Training, and the Future of Data Protection
|Our Ongoing Commitment||All employees and contractors undergo extensive data protection, privacy, and security training and testing, including Microsoft’s Supplier Security and Privacy 101 Training.|