Introduction
We take privacy and data security seriously. All your data lives and stays in your environment and we don't have access to it—so you can focus on optimizing your processes, not data safety.
Hubbl Process Analytics is installed in your Salesforce org and operates in your already secure environment. Your data is queried into a secure snapshot which is stored in your org and follows native Salesforce record security rules.
How Hubbl Process Analytics Works
The app will run a batch which aggregates field history logs that the running user has access to into a custom object “Event Log” that the app will use to visualize the data. These records will contain attributes which can be configured by the user to pull in data from almost any field, and are deleted when the views that use them are deleted (a consideration for field encryption or data retention policies).
Access Control
Hubbl Process Analytics is an installed managed package, all code and configuration lives in Salesforce. As your Salesforce environment is already secured via either SAML2.0 or SSO, no additional sign in is required for Hubbl Process Analytics.Â
Data Handling, Security and Backup
You have complete control over who accesses the data used by Hubbl Process Analytics. No data leaves your environment, There are no data external integrations, no external APIs are used and no elevated access is given to any users of the app.Â
All permissions for the app and its associated objects are given by a permission set which only gives access to the objects and code from the Hubbl Process Analytics app. All native object and field level permissions are respected.
Data is stored in Salesforce records and is encrypted or backed up according to your Salesforce settings.
External Callouts
All processes and data remain within the Salesforce org and the application without callouts or data transfers to 3rd party libraries. Hubbl Process Analytics works with standard and custom objects in the Salesforce org where it is installed. The app is self-contained and uses dynamic queries on standard objects (primarily field history, including the field history of custom objects if applicable). Hubbl Process Analytics has no flows, triggers, scheduled classes on standard or custom objects, and does not create any fields in those objects or write to them in any way. LWC / Lightning components do include two 3rd party libraries: pm4js for processing the logs and Dagre-d3 and D3.js for visualizations.
Data Security and Processing
The use of personal data from employees, customers or any other group is a configurable feature. The application user is able to select data points from those available in the org. No employee or customer data is required to build the visualizations.
The following personal data is collected and stored by the Hubbl Process Analytics application: The Org Owner associated with the org where Hubbl Process Analytics is installed, this data is collected at the time of installation as part of Salesforce’s AppExchange process. The Hubbl Process Analytics administrator’s first name, last name, and email address. This data is necessary for license administration and so that their data can be associated with the account they are using. Other personal data as derived from the event logs being analyzed will be stored in the application on your own Salesforce org.Â
Security Policy
Any breaches to data security would be handled in accordance with Hubbl Process Analytics Security Incident Response Plan, with any breaches communicated to users and the corresponding regional authorities.Â
For any additional questions about your personal information or should you request it to be deleted, please send an email to support@hubbl.com. Users can keep their contact information up to date in the Account section of Hubbl Process Analytics or by contacting support@hubbl.com.
ISO 27001 Certification
Hubbl Process Analytics is a Managed Package available on Salesforce App Exchange, which means it has passed Salesforce’s stringent security review. It is a 100% Native Salesforce Application built entirely on the Salesforce Lightning Platform, exactly as Sales Cloud, Service Cloud and Experience Cloud, sharing Salesforce’s core technology stack.Â
As such it leverages the data security of the Salesforce platform, with all data being stored in Salesforce owned data centers (if Blackline is in the USA, then it’s Salesforce data is also stored in the USA). Data is encrypted in transit using Transport Layer Security (TLS) with at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys. Traffic passes through stateful packet filtering firewalls and edge routers that protect your org’s perimeter.
All 100% Native Salesforce Applications are covered by Salesforce’s application security controls required for ISO 27001 Compliance. The Salesforce ISO27001 Certificate can be supplied on request.Â
ISO 27017 CertificationÂ
There is an additional ISO standard specifically designed for Cloud Vendors that includes seven further controls:
- 6.3.1 Shared roles and responsibilities within a cloud computing environment
- 8.1.5 Removal of cloud service customer assets
- 9.5.1 Segregation in virtual computing environments
- 9.5.2 Virtual machine hardening
- 12.1.5 Administrator’s operational security
- 12.4.5 Monitoring of cloud services
- 13.1.4 Alignment of security management for virtual and physical networks
All 100% Native Salesforce Applications are covered by Salesforce’s application security controls required for ISO 27017 Compliance. The Salesforce ISO27017 Certificate can be supplied on request.
