Following is an outline of Riva’s information privacy and data retention policy:
Riva Cloud data architecture
The best way to think of Riva is as an information pass-through architecture. Riva acts as a bridge that interconnects multiple data systems together, allowing information to flow between data systems based on a policy-driven, rules-based, centralized configuration. Riva will detect changes to data, transform the data, and synchronize the changes.
Riva Cloud does not store copies of your customer data that is synchronized (e.g., email, appointment messages, attachments, or other CRM data).
Data center and certifications
Riva Cloud is hosted on the Amazon Infrastructure.
Additional details on the following items are available here: http://aws.amazon.com/security/.
As a core principle, during synchronization, none of the Riva components cache or write the message content of emails or store any private information for opportunities, cases, quotes, projects, contacts, accounts, appointments, etc. to any persistent storage on the Riva servers at any time. This information is retrieved, received, converted, transformed, and transmitted with an absolute minimal information sub-set being stored.
In order to synchronize data between systems, Riva persists certain minimum types of information for core functionality and performance improvement. Some of this information includes data fields like the unique record database ID, modification date time stamps, and item change revisions. This information is kept in persistent storage unique to each user. This persistent storage is referred to as the transaction database or as metadata.
If the metadata is opened using query tools, it is not possible to re-create the item or to determine any details about the content that had been previously synchronized from the information stored in the metadata. The metadata alone cannot be used to build or restore information that has been previously synchronized.
Riva considers content fields to be fields like email or appointment subject, location, body, attachments, attendee lists, or recipients lists. These, and similar fields that contain “content relevant to the record intention”, are never stored in the metadata.
For performance reasons, by default, Riva stores a dynamic mapping of email addresses and website domains for related contacts and accounts that have been synchronized. This avoids the additional network communication required for common relationship look-ups when the information is available for items that have already processed. This greatly improves scalability and reduces synchronization times when handling relational data in reference to email recipients and appointment attendees. Additional configuration can adjust this behavior so that the raw values are not stored. These changes result in in a hash of the email addresses that are processed, or optionally, this performance optimization can be disabled to ensure data privacy.
Communication and network traffic encryption
All communication / network traffic between the end user and the Riva web interface is encrypted with industry standard SSL certificates (thawte, Inc. – Extended Validation SSL).
The communication / network traffic between the Riva Cloud synchronization service and each target system depends on the URL provided during the connection wizard process. If the URL starts with https://, Riva establishes a secure tunnel via SSL to the HTTP service. The use of HTTPS is always recommended whenever possible and available.
Requesting access to collected information
Riva Cloud provides a multi-tenant or a single-tenant synchronization service. Each user’s information is stored in separate unique database. Companies interested in reviewing information that is being cached for their accounts can receive a link to the meta directory information to see what is being cached. To request a copy of this information, contact Riva’s Data Privacy Officer.
Riva Cloud activity logging
Riva keeps certain limited information in log files in order to carry out troubleshooting activities and to allow each user and account administrator to keep track of the synchronization process. Companies can view their activity data logs and logged information at any time by selecting the View Synchronization button in the Riva Cloud interface.
Riva Cloud log files are deleted on a scheduled basis to reduce storage requirements. The information Riva Cloud writes to the log files is limited (email addresses, subject line of object types that are being synchronized, archived, or SmartConverted). Riva Cloud retains the name of the folder in which the SmartConvert or email archive process is carried out. The content of a synchronized email, appointment, contact, opportunity, or other object type is never kept in persistent storage by Riva and is, therefore, not kept in cache or in the log files. Select the following link to download a sample of a Riva Cloud log file.