Security overview

Data center & network security

Physical security
Click to copy this link to your clipboard
- Facilities
  
  Tymeshift servers are hosted using Google Cloud Platform. Google’s data centers are PCI DSS, ISO 27017,ISO 27001, SOC 2, and SOC 3 compliant facilities. Data center facilities are powered by redundant power and UPS + backup generators.
- On-site Security
  
  Facilities feature vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection. Data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders.
- Monitoring
  
  All production are monitored and logically administered by Tymeshift. Physical security, power, and internet connectivity is monitored by Google.
- Location
  
  Tymeshift offers data centers in the United States, Europe, APAC and South America. By default, your account will be hosted in one of our US regions. Customers can choose to locate their Service Data in the US-only or Europe-only*.
  
  *Available as an Add-on to any plan.
Network security
Click to copy this link to your clipboard
- Security Team
  
  Our Security Team is on call 24x7x365 to respond to security incidents.
- Protection
  
  Our network is protected by redundant firewalls, best-in-class router technology, and secure HTTPS transport over public networks. Additionally, Intrusion Detection and/or Prevention technologies (IDS/IPS) are implemented which monitor and/or block malicious traffic and network attacks.
- Network Vulnerability Scanning
  
  Network security scanning allows quick identification of out-of-compliance or potentially vulnerable systems.
- Logical Network Access
  
  Access to the Tymeshift’s Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is audited and monitored. 2FA is required to access the Production Network.
- Security Incident Response
  
  In case of a system alert, events are escalated to our on call IT who are trained on security incident response processes, including communication channels and escalation paths.
Encryption
Click to copy this link to your clipboard
- Encryption in Transit
  
  Communications between you and Tymeshift’s servers are encrypted via industry best-practices HTTPS and Transport Layer Security (TLS) over public networks.
- Encryption at Rest
  
  All data is encrypted at rest.
Availability & continuity
Click to copy this link to your clipboard
- Uptime
  
  Tymeshift maintains a publicly available status page which includes system availability details and scheduled maintenance.
- Redundancy
  
  Tymeshift employs automatic application scaling and network redundancies to eliminate single points of failure. Our backup policy ensures data is actively replicated across primary and secondary DR systems.
- Disaster Recovery
  
  Our Disaster Recovery (DR) program ensures that services remain available or are recoverable in the case of a disaster. This is accomplished through geographically distributed environments, and Disaster Recovery plans.
Secure development (SDLC) & Application security
Click to copy this link to your clipboard
- Security Training
  
  At least annually our team participates in security training and reviews our security controls.
- Separate Environments
  
  Testing and staging environments are separated from the Production environment. No customer data is used in the development or test environments.
- Security Penetration Testing
  
  At least annually, Tymeshift performs internal penetration testing across all production environments.

Security overview

Product security features

Authentication Security
Click to copy this link to your clipboard
- Authentication Options
  
  We offer our own local sign-in and Google Authentication.
- Password Policy
  
  You can configure your preferred password policy utilizing Google Sign On.
- Two-factor authentication (2FA)
  
  If you are using Google sign-in on, you can turn on 2-factor authentication (2FA).
- Secure Credential Storage
  
  Tymeshift follows secure credential storage best practices by never storing passwords in a human readable format, and only as the result of a salted, one-way hash.
- API Security & Authentication
  
  Our API is SSL-only and you must be a verified user to make API requests. You can authorize against the API using the credentials/key provided in your Tymeshift account.
Privacy certifications
Click to copy this link to your clipboard
- U.S.-EU Privacy Shield and U.S.-Swiss Safe Harbor programs
  
  Tymeshift complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (and Iceland, Liechtenstein, and Norway) and Switzerland transferred to the United States pursuant to Privacy Shield. Tymeshift has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/ You can learn more about our Privacy Shield Compliance in our Privacy Policy.

Security overview

Additional security methodologies

Security Awareness & Confidentiality
Click to copy this link to your clipboard
- Policies
  
  Tymeshift has developed a set of security policies covering a range of topics. These policies are shared with all employees and contractors with access to Tymeshift information assets.
- Confidentiality Agreements
  
  All new personnel are screened through the hiring process and required to sign Non-Disclosure and Confidentiality agreements.

Name

Use

Contact Information

Security Measures

MailChimp (& Mandrill)

Marketing and Transactional Email

https://mailchimp.com/contact/

https://mailchimp.com/about/security/
Google Analytics

Analytics

https://support.google.com/analytics/troubleshooter/3045965?hl=en

https://support.google.com/analytics/answer/6004245?hl=en
Stripe

Credit Card Payment Processor

https://stripe.com/contact

https://stripe.com/docs/security/stripe
Zendesk

Customer Support

https://www.zendesk.com/contact/

https://www.zendesk.com/product/zendesk-security/
Zendesk Sell

Sales CRM

https://getbase.com/contact/

https://www.zendesk.com/product/zendesk-security/
Pendo

Pendo

https://help.pendo.io/

https://www.pendo.io/support/trust/

Does any data that you use remain within the Zendesk infrastructure?

The data Tymeshift collects is primarily related to agent activity and productivity. For example, Tymeshift collects that a ticket was solved, by whom, and at what time it was solved. This data is stored inside of Tymeshift’s database and used to calculate metrics for reporting purposes.
Does data travel back and forth between Tymeshift and Zendesk?

No, Tymeshift collects agent productivity data from Zendesk (as described in the above answer) but does not send that data back to Zendesk. This data is primarily used to calculate the productivity/performance of agents and thus does not need to be sent back to Zendesk.
What data does Tymeshift store from Zendesk? Is any personal information collected?

Tymeshift does not store customer related data. The data Tymeshift collects is related to the productivity/performance of agents. Specifically, we collect Zendesk events on tickets, time spent on tickets and other activities, as well as satisfaction ratings. The personal data collected is related to your agents inside of Zendesk. Specifically, the agent’s profile name and email address.
Which Zendesk API Endpoints does Tymeshift use?

You can learn about the Zendesk API Endpoints that we utilize to provide our service here .
If an employee asks us to delete all their data off the system, how do we request that?

We are happy to purge any data at your request. You can find more details on this process here under the “How to invoke your rights” section.
How long does Tymeshift store my data?

Tymeshift stores your data as long as your account is active. In the event you wish your data to be purged while your account is still active you may submit a request via following the process outlined here under the “How to invoke your rights” section.
What path does Tymeshift offer to responsibly disclose security vulnerabilities?

Please report security vulnerabilities you have uncovered to: [email protected] Your responsible disclosure is deeply appreciated.

For more questions on our security practices and compliance please contact us at:

Data center & network security

Physical security

Facilities

On-site Security

Monitoring

Location

Network security

Security Team

Protection

Network Vulnerability Scanning

Logical Network Access

Security Incident Response

Encryption

Encryption in Transit

Encryption at Rest

Availability & continuity

Uptime

Redundancy

Disaster Recovery

Secure development (SDLC) & Application security

Security Training

Separate Environments

Security Penetration Testing

Product security features

Authentication Security

Authentication Options

Password Policy

Two-factor authentication (2FA)

Secure Credential Storage

API Security & Authentication

Privacy certifications

U.S.-EU Privacy Shield and U.S.-Swiss Safe Harbor programs

Additional security methodologies

Security Awareness & Confidentiality

Policies

Confidentiality Agreements

Sub-Processors

Name

Use

Contact Information

Security Measures

Frequently asked questions

Does any data that you use remain within the Zendesk infrastructure?

Does data travel back and forth between Tymeshift and Zendesk?

What data does Tymeshift store from Zendesk? Is any personal information collected?

Which Zendesk API Endpoints does Tymeshift use?

If an employee asks us to delete all their data off the system, how do we request that?

How long does Tymeshift store my data?

What path does Tymeshift offer to responsibly disclose security vulnerabilities?

[email protected]