# Data Management Practices

classification:PUBLIC

We understand that our customers need to be confident using SalesTim, and be aware of our data collection practices.

Note

This section is subject to change and we recommend that you check back quarterly for updates.

# Application data

Through the implementation of its different features, SalesTim access, processes and stores several kind of data:

Here is how we're managing data for these different categories:

Category Data Accessed Cached Stored Notes
User profiles Accessed and updated after each login.
Cached for 1h.
Stored as long as the organization is active.
Organization settings Accessed and updated after each admin login.
Cached for 24h.
Stored as long as the organization is active.
Templates catalog 🚫 Accessed by the SalesTim web client and during provisioning operations.
Stored as long as the organization is active.
User requests 🚫 Accessed by the SalesTim web client and during provisioning operations.
Stored as long as the organization is active.
Teams data
Teams conversations 🚫 🚫 🚫 No access.
No cache.
No storage.
Teams files 🚫 🚫 🚫 No access.
No cache.
No storage.
Planner tabs 🚫 🚫 Accessed during cloning operations.
No cache.
No storage.
Other tabs 🚫 🚫 Tabs configurations are accessed during cloning, without access to tabs contents.
No cache.
No storage.

TIP

As you can see, we're not storing (nor in cache nor in database) any team content as part of our provisioning process. Teams data are processed in memory and not persisted.

# User profiles

SalesTim stores a subset of Office 365 user profiles in our caching platform, in order to target templates through our audience targeting feature.

Email address usage

Email address are used solely to identify users and apply audience targeting rules, and never to sollicit users directly for marketing purposes.

Sample:

{
  "id": "", // SalesTim internal user ID
  "userLicense": "", // SalesTim user licence
  "msUserId": "", // Active Directory user ID
  "msTenantId": "", // Active Directory tenant ID
  "msUPN": "", // Active Directory user UPN
  "msCompanyName": "", // Company name
  "msEmail": "", // Active Directory user email
  "msDisplayName": "", // Active Directory user display name
  "msGivenName": "", // Active Directory user first name
  "msCountry": "", // Country
  "msPreferredLanguage": "", // Office 365 Preferred language
  "msDepartment": "", // Department  
  "msCity": "", // City
  "msJobTitle": "", // // Job title
  "msSurname": "", // Active Directory user last name
  "msUsageLocation": "" // Office 365 usage location
}

User profiles are updated during each login, and stored as long as the organization is active.

TIP

User profiles could be deleted upon simple request. If you have any questions about this section or our data practices generally, please contact us at support@salestim.com

# Organization settings

SalesTim stores organization's settings as part of its application data.

Sample:

{
  "id": "", // SalesTim internal organization ID
  "customerLicense": "", // SalesTim organization license
  "msTenantId": "", // Active Directory tenant ID
  "msTenantInitialDomainName": "", // Office 365 initial domain name (e.g. domain.onmicrosoft.com) 
  "msTenantDefaultDomainName": "", // Office 365 default domain name
  "crmProvider": {
    "id": "", // SalesTim CRM provider ID
    "apiVersion": "", // SalesTim CRM provider API version
    "crmTenantId": "", // SalesTim CRM provider instance ID
  },
  "msServiceAccountId": "", // Active Directory service account ID
  "msServiceAccountName": "", // Active Directory service account name
  "msServiceAccountUpn": "" // Active Directory service account UPN
}

Organization settings are updated during each administrator login, and stored as long as the organization is active.

TIP

Organization settings could be deleted upon simple request. If you have any questions about this section or our data practices generally, please contact us at support@salestim.com

# Templates Catalog

SalesTim stores organization's settings as part of its application data.

Sample:

{
  "templateConfiguration": {
      "approval": {
          "requireApproval": "" // Approval settings
      },
      "audienceTargeting": { // Audience targeting settings
          "enabled": "",
          "rules": ""
      },
      "id": "", // Template ID
      "name": "",  // Template name
      "description": "", // Template description
      "pictureUrl": "",  // Template picture URL
      "language": "", // Template language
      "enabled": ""  // Template enabled/disabled
  },
  "clonedTeam": {
      "teamId": "", // Cloned team ID
      "teamName": "", // Cloned team name
      "includeApps": "", // Apps cloning settings
      "includeTabs": "", // Tabs cloning settings
      "includeSettings": "", // Settings cloning settings
      "includeChannels": "", // Channels cloning settings
      "includeMembers": "" // Members cloning settings
  },
  "newTeam": {
      "namingConvention": "", // Team naming convention
      "emailConvention": "",  // Team email convention
      "descriptionConvention": "",  // Team description convention
      "welcomeMessageConvention": "",  // Team welcome message convention
      "defaultName": "",  // Team default name
      "defaultDescription": "",  // Team default description
      "defaultWelcomeMessage": "",  // Team default welcome message
      "teamPrivacy": "", // Team privacy
      "addRequesterAsTeamOwner": "" // Set the requester as an owner
  }
}

Templates catalog is stored as long as the organization is active.

TIP

Template catalog could be deleted upon simple request. If you have any questions about this section or our data practices generally, please contact us at support@salestim.com

# User requests

SalesTim stores users requests as part of its application data.

{
  "team": {
      "name": "", // Requested team name
      "description": "", // Requested team  description
      "welcomeMessage": "", // Requested team welcome message
      "pictureUrl": "" // Requested team picture URL
  },
  "template": {
      "id": "", // Template ID
      "name": "", // Template name
      "description": "" // Template description
  },
  "request": {
      "requester": {
          "id": "", // Requester ID
          "name": "", // Requester name
          "email": "" // Requester email
      },
      "date": "",
      "status": {
          "code": "", // Request status code
          "label": "", // Request status label
          "messages": [ ], // Request audit trail
          "approval": {
              "date": "", // Request approval date
              "required": "", // Request approval is required or not
              "approver": {
                  "id": "", // Request aprover ID
                  "name": "", // Request approver name
                  "email": "" // Request approver email
              }
          }
      }
  }
}

User requests are stored as long as the organization is active.

TIP

User requests could be deleted upon simple request. If you have any questions about this section or our data practices generally, please contact us at support@salestim.com

# Teams data

As part of its provisionning feature, SalesTim may access, process or store temporarily or permanently certain metadata or data.

# Teams conversations

SalesTim NEVER access, process or store teams conversations.

# Teams files

SalesTim NEVER access, process or store teams files tabs contents (Files metadata, files contents, folders...), as the cloning process from a template to the provisionned team is effectively implemented through a standard Microsoft Graph operation, that doesn't require SalesTim to access files.

# Planner tabs

SalesTim reads plans contents (Plans, buckets, tasks, categories) from the template to clone plans contents during the provisionning process. Plans contents are only processed IN MEMORY and NEVER stored, nor in cache nor permenently in a database.

# Other tabs

SalesTim reads tabs metadata (Tab name and configuration) from the template to clone tabs during the provisionning process, but doesn't access their contents. Tabs metadata are only processed IN MEMORY and NEVER stored, nor in cache nor permenently in a database.

# Metadata Collection

In addition to core application data, SalesTim collects metadata to help us understand how the product is being used and what kinds of errors, such as sign-in errors, have occurred. This information helps us understand usage patterns, plan new features, and troubleshoot and fix problem areas.

Collected metadata falls into these four categories:

# Census data

Census data is acquired solely to provide, support, and improve SalesTim. It includes environmental information such as device and operating system versions, and regional and language settings. Here are some specific examples of the census data that's collected:

Data type Example Notes
AppName SalesTim
DeviceModel iPhone
OSName iPhoneiOS
OSVersion 8.3
UserLanguage EN-US
UserID E296D735-4F36-4E18-7C3B-52E1A02A0164 SalesTim automatically generates anonymous user IDs, then populates telemetry events with these IDs as they're sent from the app. A hashing ensures the ID cannot be linked to a specific user.
Session ID 5E872200-F546-4CCD-8F23-AF5F507AA2DD SalesTim automatically generates anonymous session IDs, then populates telemetry events with these IDs as they're sent from your app. A hashing ensures the ID cannot be linked to a specific user.

These anonymous data are collected through the Azure Application Insights service.
For reference, see Usage analysis with Application Insights

In addition, we're collecting anonymous network latency measurements (aka Real User Measurements) through the Azure Traffic Manager service to apply load-balancing rules more effectively.
For reference, see How to send Real User Measurements to Azure Traffic Manager using web pages

TIP

Census data DOES NOT contain any information that identifies your organization or users.

WARNING

Census data collection is on by default and cannot be turned off by admins or end users.

# Usage data

Usage data includes information such as requests status, teams provisioning, approval status, frequency of features used, and stability issues.

Usage data contains information that identifies your organization, such as domain names, and your users. Here are some specific examples of the usage data that are collected:

{
  request_created: {
    request_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD',
    team_name: 'TEAM_NAME',
    request_additionalMembers: '5',
    request_additionalOwners: '3',
    template_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD',
    template_name: 'TEMPLATE_NAME'
  },
  request_approved: {
    request_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD'
  },
  request_rejected: {
    request_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD'
  },
  request_processed: {
    request_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD'
  },
  request_error: {
    request_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD'
  },
  team_created: {
    team_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD',
    team_name: 'TEAM_NAME',
    template_id: '5E872200-F546-4CCD-8F23-AF5F507AA2DD',
    template_name: 'TEMPLATE_NAME'
  }
}

WARNING

Usage data DOES contain information that identifies your organization and users.

WARNING

Usage data collection is on by default and cannot be turned off by admins or end users.

Usage data are processed in two ways:

  • We are processing anonymous usage data to understand how our customers are using SalesTim.
  • We are processing non-anonymous usage data to create in-app usage dashboards and audit trails for our customers administrators.

# Support data

Support data includes information such as user UPN, tenant ID, app version. Access to these data is restricted to our support team, and is only used in case of a direct support request to our support team.

Support data contains information that identifies your organization, such as contoso.com, and your users. Here are some specific examples of the usage data that's collected, for three distinct kinds of profiles.

# Anonymous (Using SalesTim outside of Microsoft Teams, not yet logged)

No data collected.

# Identified (Using SalesTim inside Microsoft Teams, not yet logged)

Data collected at user level:

{
  "intercomId": '', // User UPN
  "intercomEmail": '', // User UPN
  "locale": 'EN-US', // User current language
  "msTenantId": '', // Organization tenant ID
  "msUpn": '', // User UPN
  "theme": 'Dark', // Current Teams theme
  "msUserId": '', // Active Directory user ID
  "environment": 'production',
  "version": '1.2'
}

# Authenticated (Using SalesTim inside Microsoft Teams, logged)

Data collected at user level:

{
  "intercomId": '', // User UPN
  "intercomEmail": '', // User email
  "userId": '', // SalesTim generated ID
  "customerId": '', // SalesTim generated ID
  "msEmail": '', // User email
  // ...
  // Other user profiles infos used for audience targeting
  // ...
  "tld": 'contoso.com',
  "name": 'Alice Hawking',
  "msLocale": 'EN-US',
  "license": 'pro',
  "msIsTenantAdmin": false
}

Data collected at company level:

{
  "companyId": '', // SalesTim generated ID
  "companyName": '', // InitialDomainName
  "msTenantId": '',
  "msTenantInitialDomain": '', //InitialDomainName
  "msTenantDefaultDomain": '' // DefaultDomainName
  "license": 'enterprise'
}

WARNING

Usage data DOES contain information that identifies your organization and users.
But we're not storing any Sensitive Personal Data

WARNING

Usage data collection is on by default and cannot be turned off by admins or end users.

# Error reporting data

Error reporting data can include information about performance and reliability, device configuration, network connection quality, error codes, error logs, and exceptions.

# Log files lifecycle

  1. Logs entries are generated from each application container.
  2. Each new log entry is stored:
  • In a *.log file
  • In Azure application Insights as a new trace
  1. Every hour, log files are persisted in our GitHub Ops environment for reference and further analysis.
  2. Every 15 days, logs files are rotated and older log files deleted.

WARNING

Error reporting data may also contain personally identifiable information such as the user's IP address.

WARNING

Error reporting data collection is on by default and cannot be turned off by admins or end users.

# Data Residency

The SalesTim Platform relies entirely on the Microsoft Azure platform.
Here is a summary of the key architecture components and their associated data residency:

Service Role Data Location
Azure Traffic Manager Azure Traffic Manager is a DNS-based traffic load balancer that enables us to distribute traffic optimally to services across global Azure regions. By definition, this service is located in multiple regions globally, but doesn't store any data.
Azure App Service The SalesTim Platform is hosted as a containerized app on Linux containers, enabling vertical and horizontal scale-up based on application needs and reach high availability. France Central
Azure Application Insights Application Insights is an extensible Application Performance Management (APM). We're using it to monitor our live production environments, gather telemetry such as performance counters, Azure diagnostics, and diagnostic trace logs. France Central
Azure Cache for Redis Azure Cache for Redis is based on the popular software Redis. It is used as a cache mechanism to improve the performance and scalability of the SalesTim Platform, especially for back-end data store access and external APIs requests. France Central
Azure Cosmos DB Azure Cosmos DB is a globally distributed, multi-model database service that supports document, key-value, wide-column, and graph databases. The SalesTim Platform relies on it as the main back-end data store. Read Locations: France Central. Write Locations: France Central
Azure Key Vault Microsoft Azure Key Vault is a cloud-hosted management service that allows the SalesTim Platform to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs). The SalesTim Platform relies on it to store securely its encryption keys. France Central
Azure Blob Storage Azure Blob Storage is a massively scalable object storage for unstructured data that allows the SalesTim Platform to store securely blobs contents such as templates pictures. France Central

Reference

Learn more about Azure Regions