Security, Data & Privacy FAQs

Security

  • Do you support role-based authentication? Yes. See user permissions & privileges and user access groups.
  • Do you provide 2-factor or multi-factor authentication? No, but it is something we plan to support.
  • Do you provide single sign-on (SSO) and/or support for LDAP or Active Directory?  Yes.  Currently, this is only available with the on-premise Enterprise Edition.
  • Is our data safe?  Data in transit is encrypted via SSL (Roadmap is SSL-only, including cookie data). Production data is not stored encrypted, because it could not then be indexed and retrieved quickly.  Passwords and tokens are encrypted both in storage and in transit.  Passwords are hashed one-way with SHA and cannot be decrypted.

Data & Certifications

  • Is our data backed-up?  Yes. Automated back-ups are password-protected and not accessible to the Internet (in accordance with PCI compliance).
  • Can we back-up our data locally?  Yes, you can export your entire account to CSV.
  • Is our data intermingled with other customers' data?  SaaS or cloud account data is logically separated / partitioned. "Private cloud" managed service environments (physically separate hardware plus VPN access) are available. Please contact us for more details.
  • Do you have a disaster recovery plan?  Roadmap's product IT environment is hosted entirely by a 3rd party which has 6 geographically separated data centers located in the U.S.  SOC 2 Type II Service Audit is available upon request, and upon execution of the hosting provider's NDA.
  • What happens to our data if we cancel our trial or subscription account? Cancelled account data is automatically purged from the production environment after 30 days. Backed-up data is overwritten when the next off-site back-up cycle is completed.
  • Does your data center have SSAE-1/SSAE-2 or any other certification?  Roadmap's hosting provider is both HA and SAS70 Type II compliant.
  • Does Roadmap comply with the EU Safe Harbor Framework? Yes, please see our U.S. Dept. of Commerce Safe Harbor profile or view our privacy policy.

Privacy

Here is Roadmap's complete privacy policy.  To summarize the important stuff, Roadmap will never:

  • Look at your data without your permission. Practically speaking, the need to look at your data only occurs in the context of diagnosing a problem.  Exception: Your data poses systemic risk to our app, but even in that event, we will make reasonable attempts to contact you before looking at the data.
  • Share, sell or swap your emails, etc.  Exception: Our lawyers tell us we have to share in response to a request from a recognized law enforcement or government entity.

Roadmap complies with the EU Safe Harbor Framework; see our U.S. Dept. of Commerce Safe Harbor profile.

Our philosophy is that serving you is a privilege and your data is yours, not ours.  Nonetheless, we will protect your data as if it were ours.
