Security, Data & Privacy FAQs
- Do you support role-based authentication? Yes. See user permissions & privileges and user access groups.
- Do you provide 2-factor or multi-factor authentication? No, but it is something we plan to support.
- Do you provide single sign-on (SSO) and/or support for LDAP or Active Directory? Yes. Currently, this is only available with the on-premise Enterprise Edition.
- Is our data safe? Data in transit is encrypted via SSL (Roadmap is SSL-only, including cookie data). Production data is not stored encrypted, because it could then not be indexed and retrieved quickly. Passwords and tokens are stored and transported encrypted. Passwords are one-way hashed with SHA and cannot be decrypted.
Data & Certifications
- Is our data backed up? Yes. Automated backups are password-protected and not accessible from the Internet (in accordance with PCI compliance).
- Can we back up our data locally? Yes, you can export your entire account to CSV.
- Is our data intermingled with other customers' data? SaaS or cloud account data is logically separated / partitioned. "Private cloud" managed service environments (physically separate hardware plus VPN access) are available. Please contact us for more details.
- Do you have a disaster recovery plan? Roadmap's product IT environment is hosted entirely by a third party that has 6 geographically separated data centers located in the U.S. A SOC 2 Type II Service Audit is available upon request, and upon execution of the hosting provider's NDA.
- What happens to our data if we cancel our trial or subscription account? Cancelled account data is automatically purged from the production environment after 30 days. Backed-up data is overwritten when the next off-site backup cycle is completed.
- Does your data center have SSAE-1/SSAE-2 or any other certification? Roadmap's hosting provider is both HA and SAS70 Type II compliant.
- Look at your data without your permission, and the need to look at your data, practically speaking, only occurs in the context of diagnosing a problem. Exception: Your data poses systemic risk to our app, but even in that event, we will make reasonable attempts to contact you before looking at the data.
- Share, sell or swap your emails, etc. Exception: Our lawyers tell us we have to share as it relates to a request from a recognized law enforcement or government entity.
- Roadmap complies with the EU Safe Harbor Framework; see our U.S. Dept. of Commerce Safe Harbor profile.
Our philosophy is that serving you is a privilege and your data is yours, not ours. Nonetheless, we will protect your data as if it were ours.