Security

SOC 2

SOC2 (SOC for Service Organizations: Trust Services Criteria) is a report that provides detailed information and assurance about the controls at a service organization relevant to security, availability, and confidentiality of the
cloud service.

Privacy Shield

Privacy Shield is a program for US companies to demonstrate adequate compliance to EU data privacy standards for the transfer of data from EU to the US.

Data/Network Services

Playvox delivers and supports its services through cloud service provider, Amazon Web Services, that use widely accepted practices and infrastructure to secure customer data. Network services include a combination of dedicated servers and distributed resources.

Further information on our service provider security practices can be found here:
AWS Cloud Security
AWS Compliance Programs


Playvox uses standard best security practices to protect personal information in its possession to ensure a level of security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and destruction. These measures take into account the nature of the personal information and the risks involved in its processing, as well as best practices in the industry for security and data protection.


Data that resides on the Playvox platform is typically restricted to operational statistics of employees or contracted personnel. As a practice and recommendation, sensitive data specific to customer information is not delivered to or stored on the Playvox platform. Furthermore, as a general practice, recorded customer interactions (voice, chat, email, tickets) are not stored on the Playvox platform. Customer interactions are obtained on demand via API endpoints from our customers’ CRM or telephony platforms (e.g., Zendesk, Talkdesk). 

Use case 1: Agent Quality Evaluations based on review of customer interactions. Where sensitive customer information is shared in customer interactions such as email, chat, or recorded calls, those customer interactions remain on our third-party vendor platforms and are obtained on demand for review by quality analysts. The quality scorecard and the results of these quality evaluations are stored on Playvox and feedback is shared with agents on Playvox. As a best practice no sensitive customer/patient data is included in the quality evaluations.  
 
Use case 2: Performance data is strictly employee-based data specific to performance metrics on which they are being managed. For example, average call handle time statistics for each agent.

Data Export
Customers have access to any data generated on the Playvox site for export as csv/excel files to other systems for reporting and archiving purposes.Customer Service

Interactions

Customer service interactions between agents and customers, recordings of phone, email, chat, or other interactions are not stored on the Playvox platform.

Employee Performance Data Upload to Playvox servers
In the case of agent-performance data, customers consolidate and upload employee-performance data from other platform sources such as data warehouses, CRM applications, telephony platforms. A consolidated data file is uploaded to a secure FTP site. This data upload can be manual or automated. The SFTP site is provided by Playvox. Upload of data is by the customer’s personnel and through the typical SFTP methodology. 


Production data is stored encrypted and is only accessible within the production environment. File uploads are stored on secure object containers on a worldwide CDN and are not directly available over the internet.



Production data is regularly backed up. Backup procedures are documented and reviewed periodically. All backups are encrypted and only authorized individuals of Playvox have access to them. Verification procedures are in place to ensure integrity and they are recoverable.


Access to systems and protected information is restricted to authorized individuals using role-based access controls and the principle of least privilege. Infrastructure is operated by designated and trained system administrators, access to management dashboards and interfaces require multi-factor authentication. Customers can configure application level controls to set security and access settings.


We use industry-accepted encryption technologies to protect data in transit using encrypted connections such as TLSv1.2, for data at rest we use Amazon EBS Encrypted Volumes. Backup data is also encrypted. No production data is transmitted or stored unencrypted.