Privacy

• Principle of Least Access
• Data Subprocessors
• Audit Logs
• Calendar Sync
  • Data Usage
  • Data Protection
  • Data Deletion

Principle of Least Access

Administrate adheres to the Principle of Least access; a minimum access policy is in place to ensure that only approved roles and personnel have access to customer data.

Data Subprocessors

We use a variety of subprocessors to deliver the Administrate service. For the subprocessors located outside of the EEA, we have undertaken Data Transfer Risk Assessments.

This is the current list of Data Subprocessors we use to deliver the Administrate service:

• Amazon Web Services: used for our development, testing, and production infrastructure environments.
• FlatFile: used by new Administrate customers as part of the data onboarding process
• Sendgrid: used for email communications.
• Twilio: used for SMS communications.
• Honeycomb.io: used to monitor our infrastructure and assist with performance improvement.
• Sentry.io: used to monitor our infrastructure and assist with error detection and reporting.
• Credly: used within our Administrate University product to award badges to students.
• Workato: used to power external integrations
• Google Analytics: used for analytics and product insights
• Zendesk: used within Administrate to allow Users to utilize Administrate Chat
• Hubspot – used within Administrate to deliver in-application NPS Survey

From time to time we may need to amend which subprocessors we use; you can sign-up below to be notified in advance of any changes we are intending to make.

Receive notifications

Where Administrate uses a subprocessor, the data we share with the subprocessor is limited to the minimum required for them to perform their service; for example if you wished to send an SMS via our platform, we would share the recipient’s phone number but not their email address.

Audit Logs

Administrate logs support access to customer data, including the date, time and person making the access. The audit logs are immutable, allowing the team to confidently track data usage.

Calendar Sync

We are committed to protecting your privacy and ensuring the security of your data. This privacy statement outlines how we use data for calendar synchronization with our systems, including the two modes of operation we support. Learn more about our Calendar Sync feature here.

Data Usage

1. Private Mode: In this mode, we only store data that helps our system determine users’ availability, such as times and dates with no additional information. This includes syncing information about when your calendar is free or busy, without accessing the specifics of your events.
2. Event Options Mode: In this mode, we respect the event options in users’ calendars. Private events remain private; we sync only dates and times without accessing any additional details. For public events, we pull additional information such as the event title to enhance the user experience.

Data Protection

1. Security: We employ robust security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security practices are regularly updated to meet industry standards. For more information about our security practices, please refer to our security page.
2. Encryption: All data transmitted between your calendar and our systems is encrypted to ensure its confidentiality and integrity.
3. Limited Access: Access to your calendar data is restricted to authorized personnel who require it for the purpose of providing you with our services. We do not share your data with third parties without your explicit consent, except where required by law.

Data Deletion

You have the right to request the deletion of your calendar data from our systems at any time. Upon receiving such a request, we will promptly remove all associated data in accordance with our data retention policies.

Alternatively, you can navigate to your Microsoft account consent page and revoke access to unlink your calendar.