Trust Center
Privacy, Security & Trust
Denada is Designed and Certified with Highest Security Standards
APPLICATION FRAMEWORK
Users access Denada via browser
All communication is over SSL
Browsers connect to Denada’s servers hosted at Google Cloud
Browsers can also connect to Algolia’s search index using temporary access-limited keys over SSL
User sessions sent to LogRocket for Denada customer support
Denada server
The only end-user data collected is name and email address
All team data is stored in Google Cloud Firestore and encrypted at rest
Firestore Security Rules are used to support multitenancy and prevent cross-team access
Uploaded assets like images are stored in Google Cloud Storage using secure UUIDs
Searchable documents (images, emails) are sent to the Algolia service (algolia.com) for indexing
Denada does not accept or store campaign performance data
Denada does not accept or store payment card information
Denada stores only the email addresses its registered users
Denada does not store campaign subscriber emails
Security Framework
Denada has an Information Security Policy, approved by Sr. Management, published, owner-assigned, and communicated to staff. It includes acceptable use and has provisions for noncompliance. It is reviewed every September 1st.
Denada does not utilize user passwords of any kind and instead utilizes passwordless, email code-send with full encryption during transit and at rest.
Developers do not have access to our active production environments and cannot perform tasks. All development is done within our development mirrored environment.
Denada has an Incident Response Plan, Process & Procedures document. The plan is owned and maintained by our Chief Technology Officer.
Encryption is implemented for all target data, both electronic transmissions and physical electronic media, prior to sending outside of our environment
All target data is encrypted while at rest within our environment
Asset Management
Denada has an approved, published and communicated asset management program including a list of all hardware, software. The Chief Technology Officer is assigned to regularly review the assets.
Denada asset management program addresses the treatment, handling, disposal, destruction and reuse of media / assets that contain target data
Denada has formal (documented, approved, published, communicated and implemented) information classification policy
Regular backups, archives and restores are conducted. Data Storage Details
Encryption is implemented for all target data, both electronic transmissions and physical electronic media, prior to sending outside of our environment
All target data is encrypted while at rest within our environment
Denada AI
Denada does not train on user data or chat history
Generated responses and emails in chat can be generated by various AI models depending on desired performance and/or provider preference
At no time does any of the available AI/LLM models train on user data or chat history
Default model for image generation is OpenAI DALL•E 3
Google does not train on “user data” - in this case, that refers to Chat and other activity within Denada
Denada does not store payment card information at anytime
Operation / Change Management
Denada maintains a Change Management Process
Denada requires code reviews and approvals of all new or modified applications prior to implementation
All external network connections monitored by an IPS/IDS or other network monitoring tool that generate alerts when a security event is detected; and alerts are acted on according to a response time based on severity level
All network and system devices configured so that:
System errors and security events are logged
Logs are protected from alteration by the users
Privacy Policy
Denada does not accept or store campaign performance data
Denada does not accept or store payment card information
Denada stores only the email addresses its registered users
Denada does not store campaign subscriber emails
Access Control
Denada maintains an Access Control policy including:
Role based access to all resources (applications, OS, network devices, etc.)
Unique ID for all individuals
Restricts or removes the use of generic IDs (guest, administrator, root, etc.)
Prohibition on sharing of IDs
Image hosting
All images are accessed through Cloudflare over SSL, which in turn fetches them securely from Google Cloud Storage
Proof emails
“Proofs” and other emails sent from Denada use Postmark’s email sending APIs over SSL
Risk Management
Denada has an approved Risk Assessment Program, an assigned owner and a regularly scheduled risk review.
Physical Security
Denada does have a Physical Media policy that prohibits any employee to store, download or duplicate data from our Google Cloud location. The service is set up to not allow any download at any time.
Denada prohibits any access to physical media at all times.
Business Continuity Plan
Denada has a Business Continuity Plan, Process & Procedures. The plan is owned and maintained by our Director of Services and reviewed every September 1st.
3rd Party Security Auditing, Oversight and Scanning
Denada utilizes the services of Oneleet Inc. to provide Information Security Oversight, auditing, and scanning. Denada's Chief Technology Officer is responsible for the overall program and ensuring compliance. Our 3rd party qualified security professional firm is:
Pen Testing, Vulnerability Assessment & Audit Reports
An independent review was conducted on Jan 4 2025 on Denada's security policies, standards, procedures, and guidelines. Any concerns that were identified, all actions were taken to correct those concerns as certified by our third party security provider
