Data Security

Data Security with Vanta

Crobox partners with Vanta to ensure the highest standards of data security and compliance. Through our Vanta Trust Center, customers can:

  • Review our data security policies and controls

  • Access encryption and data protection details

  • Monitor compliance with industry security standards

For full transparency on how we protect your data, visit our Crobox Trust Center.

Confidential Data Handling

Confidential data is highly sensitive and restricted to authorized employees with documented approval. It must be encrypted at rest and in transit, and never stored in non-production environments or on personal devices. Backups, mobile devices, and hard drives must be encrypted, and disposal requires secure wiping or destruction. Transfers outside the company need a legal contract and management approval.

Restricted Data Handling

Restricted data is only accessible to authorized users based on business needs. Unauthenticated access is not allowed, and external transfers require management approval and legal agreements. Paper records and storage devices must be securely handled, and disposal requires secure wiping or destruction.

Public Data Handling

Public data is not sensitive and can be freely shared without special security measures.

For more details, visit our Vanta Trust Center or contact your Account Manager.

Data Retention

Data is retained only as long as necessary for business, regulatory, or contractual requirements. Personally identifiable information (PII) is deleted or de-identified once it is no longer needed. Retention periods are documented within our Data Management Policy.

Data & Device Disposal

Confidential and restricted data is securely deleted when no longer needed. Third-party vendors handling sensitive data must meet Crobox’s security standards. All company devices are wiped before disposal, and physical documents are securely shredded.

Annual Data Review

Management reviews data retention policies annually to ensure compliance. Data is securely disposed of in line with company policy and legal obligations.

FAQ

What personal data is collected, and how is it processed or stored?

Crobox does not collect any PII (Personally Identifiable Information). All collected data is pseudonymized, ensuring that no user-specific identifiers are stored.

How does Crobox handle Zero-Party Data?

Crobox collects zero-party data that customers voluntarily share, such as preferences and purchase intentions. This data is reliable, privacy-compliant, and provides valuable insights for personalization while respecting customer control over what they share.

Does Crobox require a Data Processor Agreement (DPA)?

A DPA is not required to use Crobox’s platform, as PII is not stored. Therefore, the impact of a data breach is low. However, organizations that wish to have this in place can request Crobox’s DPA.

How is user data exported or deleted upon contract termination?

Upon contract termination, all data is securely deleted following GDPR guidelines. Export of data, if required, is provided in standard formats to ensure compatibility with external systems.
