Help
HomeFeaturesPricingBlog
Search…
What is Keeping?
Getting Started
Quick start for admins
Quick start for agents
Using Keeping in Gmail
Keeping and your customer
Keeping Chrome Extension
Fundamentals
Mobile & web access
Converting an email to a ticket
Using the Knowledge Base
Changing ticket status
Assigning a ticket
Editing ticket recipients
Using tags
Enable an autoreply
Creating a new ticket
Collision detection
Email signatures
Private notes
Activity log
Managing spam
Setup
Installing the Chrome Extension
Integrations
Connecting a mailbox
Inviting users
Admin & agent roles
Workflows
What are Workflows?
Creating Workflows
Workflow conditions
Workflow actions
Matching every incoming email
Service Level Agreements
What are SLAs?
Creating an SLA
SLA conditions
SLA actions
Reporting & Analytics
What are Reports?
Classic Reports
Advanced Reports
Preferences
Reversing conversation order
Pushing tickets into inbox
Hiding the Keeping toolbar
Notifications
Set your business hours
Account & Plans
Adding and removing paid seats
Changing billing plans
Changing organization name
Updating your billing information
Pausing your subscription
Cancelling your subscription
Security and Privacy
Security & Privacy Practices
Google Permissions
Powered By GitBook
Security & Privacy Practices
Learn about Keeping's security and privacy practices.
We take security and privacy seriously, adhering to very high security standards that keep your customer data protected.

Infrastructure

All of Keeping's application and data infrastructure is hosted on Google Cloud Platform (GCP), a highly secure cloud computing platform with end-to-end security and privacy features built in. This is the same infrastructure that Google uses to host Gmail.
Designed with redundancy, fault tolerance and disaster recovery at the forefront, our services are hosted in the United States. All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only.
For more specific details regarding GCP's security, please refer to https://cloud.google.com/security.

Uptime and Data Availability

We strive for a 99.99% uptime across all our products and to support that, we host our monitoring and logging systems outside of GCP and employ a variety of tools to accurately monitor and report on any anomaly that could impact the delivery of our services.
In the unlikely event that data stored in the Keeping database were to be lost or damaged, we would be able to restore from backup with a loss of data no more than 60 minutes. During this time we would not provide additional contingency plans to delivery data due to the very short nature of the recovery time.

Data and Data Center

All data is stored in the USA in Google Cloud Platform-controlled data centers. Only those within Google who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.

Application

Through the use of automated and manual analysis, as well as constant security review of 3rd party libraries, we ensure to the best of our abilities that we are delivering products that are free from security defects and that data is processed strictly in compliance with our customer’s instructions. We enforce the same level of encryption used by banks and financial institutions.
Additionally, we support a number of security focused features to help keep your data safe
  • Data encryption - All customer data is encrypted at rest including: user email addresses, API keys, including 3rd party keys stored by Apps.
  • Company-specific data is kept separate through logical separation at the data tier, based on application-level access permissions and roles.
  • Authentication - Keeping exclusively supports authentication through Google. Keeping never sees or stores your password.

Engineering and Operational Practices

We design all services with high availability in mind. Our goal is to deliver 99.99% uptime across all our products. In order to achieve this goal, we follow a number of engineering best practices
  • Immutable infrastructure - We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code. Which means all changes go through a formal code review, automated testing and automated deployment process.
  • Continuous integration and delivery - We are using continuous integration and deployment automation and configuration management tools to build, test and deploy code multiple times a day.
  • Incident response - Our engineering team is able to respond to any security or availability incidents immediately.
  • Security audits - Every year we have an independent security firm execute a white-box penetration test audit across our system and code base. On request, the results of the latest audit can be provided to current or potential customers.
  • Permission and administrative controls -Keeping enables permission levels to be set for any employees with access to Keeping. We follow the principle of least privilege for any system with access to personal data and have automated tool-based control and logging of data access, entry, deletion, and modification.

G Suite data access and Authentication

Google Single Sign-On (SSO)

Keeping uses Google Single Sign-on (SSO) to login users to the Keeping app. Keeping uses the OAuth protocol to authenticate users via G Suite. The OAuth tokens to access the users’ Gmail accounts are encrypted before getting stored. Keeping does not store any user specific passwords or any other kind of authentication detail.

G Suite Data Access

Keeping requests for authorization of G Suite email data access once you've installed the app. Keeping requires access to the following G Suite data:
  • Gmail API access for all Gmail accounts using Keeping (authenticates via OAuth). These are the permissions that Keeping requires. Read more on why Keeping needs these permissions.
Apart from the above mentioned items, Keeping does not require access to other areas of users’ G Suite data.

Revoking access

Users/organizations have the authority to revoke Keeping access to their G Suite account anytime.
Account & Plans - Previous
Cancelling your subscription
Next - Security and Privacy
Google Permissions
Last modified 8mo ago
Copy link
On this page
Infrastructure
Uptime and Data Availability
Data and Data Center
Application
Engineering and Operational Practices
G Suite data access and Authentication
Google Single Sign-On (SSO)
G Suite Data Access
Revoking access