Learn about our data processing policies
Together Platform is a GDPR-defined Data Controller, although the customer data we handle ultimately falls under the ownership of the customer as outlined in our Customer Terms of Service.
Together is SOC2 certified through an independent 3rd party auditor on an annual basis. To request a copy of our SOC2, please email firstname.lastname@example.org.
Together Platform complies with GDPR including its four main pillars of standard:
- Data Flow
- Explicit Consent
- Right to Access
- Right to be forgotten
Together only collects data necessary for the purpose of managing employee mentoring and learning programs. This includes data like name, email, demographic data provided by our customer, and data collected through the use of the tool such as mentoring progress, notes and feedback. We also collect data on application usage for the purpose of error tracking, troubleshooting and maintenance and reliability of the software.
All data is encrypted in transit and at rest. We use HTTPS for all network traffic and sessions are authenticated with OAuth2.0. At rest, we use Google Cloud Platform’s database and storage products, which use state of the art encryption protocols.
We have security policies that outline procedures to inform our customers in the unlikely event of a data breach. For more information, see our Security Policies.
Together Platform is SOC2 certified by an independent 3rd party auditor. This means we comply with the strictest security standards, ensuring we constantly monitor our systems for security risks and vulnerabilities and renew our audit on an annual basis.
Right to access
Any user may request access to the data we have about their account by emailing email@example.com. Our customers can also download the data about their users in the Reports page of the admin panel.
Right to be forgotten
Users may delete their account on-demand on the Settings page of their profile. They may also request deletion by emailing firstname.lastname@example.org.
Upon deletion, the PII of the user account will be removed.