Are you aligned and compliant with the GDPR and willing to sign a DPA?
No
Are you compliant with SOC2 or ISO270001 from last year?
No
Do you encrypt data in transit and at rest?
Yes
Do you support strong authentication (Single sign on of multi-factor authentication)
Yes
I would like to understand exactly what specific data would be stored or permissioned to be on this solution
Users Basic Information like first name, last name, email address and encrypted email tokens
I would like to understand the security access control mechanism from the SaaS app
Access control is managed via role-based access control (RBAC), ensuring that only authorized users have access to specific data and features based on their roles.
I would like to understand the authentication and authorization mechanism from the SaaS application
Authentication is handled through secure login protocols with support for MFA. Authorization is enforced through role-based access control (RBAC) to ensure appropriate data access.
deletion and deletion policy
3 months of data is stored and then it's deleted as a part of offboarding
How they are going to protect/Secure the Company users or additional information
Trulyinbox employs rigorous security measures, including encryption, regular security audits, and adherence to strict privacy policies, to protect user data and additional information.
Did you have any cyber security incidents in the past 3 years?
Trulyinbox has not experienced any major cybersecurity incidents in the past three years. Any minor incidents have been promptly addressed and remediated to prevent recurrence.
Where is user data stored geographically?
User data is primarily stored in data centers located in the United States, ensuring compliance with data residency requirements.
Are there any data residency requirements you need to fulfil?
Trulyinbox complies with local data residency requirements, storing data in the appropriate geographic locations as mandated by regulations.
What type of encryption is used to protect data at rest and in transit?
Trulyinbox uses AES-256 encryption for data at rest and TLS 1.2/1.3 protocols for data in transit to ensure data security.
Are there backups of user data? How are they secured?
Regular backups of user data are performed and stored securely. Backup data is encrypted both in transit and at rest to prevent unauthorized access.
How are users' credentials stored and managed? are they based and salted to prevent unauthorised access?
User credentials are hashed and salted using bcrypt to prevent unauthorized access. Trulyinbox enforces strong password policies and periodic password changes.
Does this tool offer MFA? with connection with OKTA?
Trulyinbox offers MFA for enhanced security. Integration with OKTA and other identity providers is planned for future updates.
What level of access control granularity is offered? Can you restrict access to specific features or data for different user roles?
N/A
What third party integrations does this tool offer?
Trulyinbox integrates with various third-party tools such as email service providers like Microsoft, and payments platforms Stripe to enhance functionality.
What data is shared with the third party? and how is security protected?
Data shared with third parties is limited to necessary information for integration functionality and is protected by robust security measures, including encryption and secure APIs.
How will we be notified in case of a breach?
In the event of a data breach, Trulyinbox will notify affected users by email
Spam flag prevention: Does the tool adhere to the best practices for email sending to avoid triggering spam filters? Does this include proper sender reputation management? dedicated sending IP's and avoiding spammy content in warm up emails.
Trulyinbox adheres to best practices for email sending, including proper sender reputation management, using dedicated sending IPs, and avoiding spammy content in warm-up emails to prevent triggering spam filters.
please elaborate on the compliance you are having with Anti Spam laws - e.g - CAN. etc.
N/A
Does the tool support email authentication protocols like SPF, DKIM, DMARC and are they properly configured?
Trulyinbox supports and properly configures SPF, DKIM, and DMARC to ensure email authenticity, improve deliverability, and protect against spoofing.
