Data Management and Security

Software designed to keep your data secure. SupportLogic is ISO 27001 and SOC II Type 2 certified as well as GDPR/HIPAA compliant.

SupportLogic is certified SOC II Type 2 and compliant with GDPR.


From end to end, our software is designed to keep your data secure and maintain our track record of ZERO breaches or loss of data. Your data passes through three secure elements: a lightweight data connector, a database platform, and a web portal. All three elements are hosted in an isolated virtual private cloud.

All data collection occurs over SSL using REST APIs. The data connector connects to your ticketing system using the authentication token that you provide us. 

No credentials are ever shared – you maintain complete control over what and how much data is collected. Access is maintained in your own VPC instance using self-service OAuth.

Take a deeper dive: Get the details on why SupportLogic is built around a VPC architecture

Read the white paper


Our ISO-270001 certification ensures that we maintain the highest level of security compliance. Annual SOC 2 Type II certification, GDPR compliance, and California Consumer Privacy Act compliance are maintained to meet your security expectations. We regularly conduct both internal and external audits and penetration tests, with complete results available by request.

SupportLogic employees and contractors are trained using a comprehensive security awareness program and committed to ensuring that the data within our systems is protected in the highest regard. Our NOC and SOC teams maintain 24/7 coverage.

Our data privacy and security protocols conform to the HIPAA Security, Privacy, and Breach Notification Rules and are designed to meet all HIPAA compliance requirements.

Security Protocols

TLS 1.2+

SHA-256/RSA Encryption

Virtual Private Cloud

FIPS 104-2 Compliance

2-Factor Authentication

Access via Bastion Host

Data Classification Matrix

Data TypeSensitivityAccessEncryption
Original ticketing dataConfidentialDesignated SupportLogic employees only, using a third-party sync serviceAt rest and in transit
Internal conversationsSensitiveDesignated SupportLogic employees onlyAt rest and in transit
ML predictionsSensitiveDesignated SupportLogic employees onlyAt rest and in transit
ML annotationsSensitiveDesignated SupportLogic employees onlyAt rest and in transit
Product usage dataSensitiveDesignated SupportLogic employees onlyIn transit

Frequently Asked Questions

Is my data secure during extraction?

Yes – All data is encrypted in transit using TLS 1.2 (and above).

Yes – At rest, your data is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Yes – Only you can give access to your data by inviting new users to your account or by engaging a third party and explicitly providing access to your data. This access is used to run analytics against your data, with the option to write back to your CRM using SupportLogic SX as a bi-directional solution. Via the ETL, you have the ability to grant or revoke visibility permissions and can remove access permission at any time.

Yes – You can use many industry-standard SSO and Active Directory providers.

The following data types are collected from your CRM system:

  • Case details, notes, comments, and discussions 
  • Case requester details 
  • Agent details 
  • Product usage metrics

Yes – When your account is terminated, SupportLogic will mark all your data for eventual deletion. However, by request your data can be deleted within 3 business days. SupportLogic will delete the case data and send you a confirmation email within one business day.

Your data is only stored in your VPC instance. 

SupportLogic only uses your data for generating the ML models tuned to your organization. Your data is not used to train any other models. Once the models are created the collected data is not needed, SupportLogic may store data to continuously improve your models. SupportLogic can purge any data by request.

SupportLogic does not require login details or a password to your CRM system. However to use the SupportLogic application we require that you to create an account on our platform.

There are two options for account creation: you can create individual user accounts using your email address or sign in with your existing Slack credentials. If you sign in with Slack we collect your profile information.

Responsible Disclosure Program

We take security seriously at SupportLogic and are deeply appreciative of the role that security researchers play in improving the security posture of our product and platform. Send us an email if you believe you have discovered a security vulnerability that you would like to report to us.