Templatius makes tedious Gmail tasks simple. We take our customers' privacy and security very seriously. This page provides an overview of our security policies and technology.
When a user installs Templatius, we create a Templatius account for the user and link it with the user's Google account. We ask the user for permission to connect to her or his Google account and authenticate that connection via Google Apps OAuth. This means that each users' Templatius account has the same industry-leading login security as their Google account. Users can add 2-factor authentication via Google if they choose.
Templatius DOES NOT:
Upon installation, we ask the user for consent to connect to her or his Google account and authenticate that connection via Google Apps OAuth. This is a two-step process. In the first step, Templatius notifies the user that use of the Templatius products are subject to the terms of the Templatius Terms of Service and Privacy Policy, each of which describes how we process a user's data. The user must then click “Activate Templatius” to proceed to the second step. In the second step, Google Apps provides notice of the types of information that will be accessible by Templatius and the scope of the authorization the user is giving to Google and to Templatius to enable the connection, and the user must click “Allow” to proceed with using the Templatius product.
Our company's overriding policy is to collect as little user information as possible. Templatius may retrieve and store your:
We protect your data throughout the data flows of the Templatius product, from account creation and integration through Google's OAuth service, to encryption of data in transit to Templatius servers (using browser-based TLS) and encryption of that data at rest, to a variety of administrative, physical, and technical safeguards designed to create a secure environment for our customers' data.
All Templatius applications include failover and backup instances and our infrastructure respects and maintains industry-standard security certifications, including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP ATO and PCI DSS v3.2. All user data is tagged with a project-specific token, and a customer must have access to the corresponding API key and secret in order to retrieve that data via API. This provides logical separation between data belonging to multiple clients. Templatius is the sole tenant on our infrastructure. A user's data may reside on database systems which house data belonging to other users, but our logical controls (token, key and secret) separates one client from another client's data.
We do not rent, sell or trade your Personal Information to third parties. We may disclose some of your Personal Information with specific trusted third-parties or sub-processors as specified in our Privacy Policy.
Access to user data by Templatius employees is limited to an as-needed basis, e.g., to resolve customer issues. When such access is required, only personnel with a direct need will access the Templatius-related data, and such access will be limited as much as possible. Breach of this policy by a Templatius employee is a serious matter, requiring investigation and appropriate disciplinary action, up to and including termination as well as legal action.
A Templatius user can delete at any time her or his Templatius account and remove all data associated with that account from the Templatius Account page.
Incident Response and Remediation
We monitor our systems 24/7/365 with a variety of performance measurement and error-checking tools. When problems are detected, our ops team is notified immediately, and the issues are investigated. We work closely with our hosting providers to ensure that underlying systems remain secure, and any security breaches are investigated, patched and re-mediated promptly.
Our system operations are logged, and the logs are stored for at least a 7-day period in the cloud. If needed, these logs may be mined to investigate incidents or to reconstruct a chain of events.
When a serious incident occurs, or a long interval of downtime is anticipated, we notify our users via our blog, Twitter and/or email. Should a security breach occur, we will promptly notify affected users of the nature and extent of the breach, and take steps to minimize any damage.
