File Systems and Communication
All access to the Statbot website is restricted to HTTPS encrypted connections. All data retrieval from Intercom is done with your unique access token over a secure connection with Intercom’s API.
User passwords are secured with BCrypt. They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the Statbot website, however, and it is the responsibility of the end user to protect his password with care.
Integration with your Intercom account is done via API tokens.
Credit Card Safety
When you purchase a paid Statbot subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available online.
Storing your data securely
We read and then store your data on our servers. For data storage we use Amazon Web Services (“AWS”), and the data is protected by Amazon’s security and environmental controls. On AWS we use RDS Postgres (us-east region) with AES-256, block-level storage encryption both in transit and at rest. (More on Amazon AWS security can be found here and here.)
For computing capabilities we use Heroku's services (more about their security here).
We access the following Intercom entities:
Users, leads, companies, tags, segments, conversations, admins (teammates), counts (number of users/companies for each segment/tag).
We store the following attributes for each entity:
Users: name, email, pseudonym, company id, session count, creation timestamp, last request timestamp;
Companies: creation timestamp, last request timestamp, monthly spend, plan, user count, session count and name;
Conversations: admin id, user id, status (open/closed), associated tags, parts metadata;
Conversation parts: subtype (open/close/comment/note/assignment), timestamp, whether part has a body (true/false), author id (user or admin);
Leads: creation timestamp, name, email, pseudonym, last request timestamp;
Segments and Tags: name and whether it's removed from Intercom;
Admins: name, email (to determine whether it is a team or a person).
NOTE: It is impossible for you to restrict access to content data (i.e. what your customers say to you); there is no such option in the Intercom API. However, we don't store that data, only metadata such as timestamps, assignee and user ids. We do receive that data when we make a request to the Intercom API, but we simply discard it; it never touches our database.
Have a question or concern? Please email us at [email protected].