Trust Center
Privacy, Security & Trust
Denada is Designed and Certified with Highest Security Standards
APPLICATION FRAMEWORK
Users access Denada via browser
All communication is over SSL
Browsers connect to Denadaโs secure multitenant cloud
Browsers can also connect to Algoliaโs search index using temporary access-limited keys over SSL
User sessions logged for audits and customer support
The only end-user data collected is name and email address
All team data is stored in Google Cloud Firestore and encrypted at rest
Firestore Security Rules are used to support multitenancy and prevent cross-team access
Uploaded assets like images are stored in Google Cloud Storage using secure UUIDs
Searchable documents (images, emails) are sent to the Algolia service (algolia.com) for indexing
Denada does not accept or store campaign performance data
Denada does not accept or store payment card information
Denada stores only the email addresses its registered users
Denada does not store campaign subscriber emails
Denada has an Information Security Policy, approved by Sr. Management, published, owner-assigned, and communicated to staff. It includes acceptable use and has provisions for noncompliance. It is reviewed every September 1st.
Denada does not utilize user passwords of any kind and instead utilizes passwordless, email code-send with full encryption during transit and at rest.
Developers do not have access to our active production environments and cannot perform tasks. All development is done within our development mirrored environment.
Denada has an Incident Response Plan, Process & Procedures document. The plan is owned and maintained by our Chief Technology Officer.
Encryption is implemented for all target data, both electronic transmissions and physical electronic media, prior to sending outside of our environment
All target data is encrypted while at rest within our environment
Denada has an approved, published and communicated asset management program including a list of all hardware, software. The Chief Technology Officer is assigned to regularly review the assets.
Denada asset management program addresses the treatment, handling, disposal, destruction and reuse of media / assets that contain target data
Denada has formal (documented, approved, published, communicated and implemented) information classification policy
Regular backups, archives and restores are conducted. Data Storage Details
Encryption is implemented for all target data, both electronic transmissions and physical electronic media, prior to sending outside of our environment
All target data is encrypted while at rest within our environment
Denada does not train on user data or chat history
Generated responses and emails in chat can be generated by various AI models depending on desired performance and/or provider preference
At no time does any of the available AI/LLM models train on user data or chat history
Default model for image generation is Google NANO BANANA PRO
Google does not train on โuser dataโ - in this case, that refers to Chat and other activity within Denada
Denada does not store payment card information at anytime
Denada maintains a Change Management Process
Denada requires code reviews and approvals of all new or modified applications prior to implementation
All external network connections monitored by an IPS/IDS or other network monitoring tool that generate alerts when a security event is detected; and alerts are acted on according to a response time based on severity level
Denada does not accept or store campaign performance data
Denada does not accept or store payment card information
Denada stores only the email addresses its registered users
Denada does not store campaign subscriber emails
Denada maintains an Access Control policy including:
Role based access to all resources (applications, OS, network devices, etc.)
Unique ID for all individuals
Restricts or removes the use of generic IDs (guest, administrator, root, etc.)
Prohibition on sharing of IDs
Passwordless 2 Factor or OAUTH exclusive
All images are accessed through Cloudflare over SSL, which in turn fetches them securely from Google Cloud Storage
โProofsโ and other emails sent from Denada use Postmarkโs email sending APIs over SSL
Denada has an approved Risk Assessment Program, an assigned owner and a regularly scheduled risk review.
Denada does have a Physical Media policy that prohibits any employee to store, download or duplicate data from our Google Cloud location. The service is set up to not allow any download at any time.
Denada prohibits any access to physical media at all times.
Denada has a Business Continuity Plan, Process & Procedures. The plan is owned and maintained by our Director of Services and reviewed every September 1st.
Denada utilizes the services of Oneleet Inc. to provide Information Security Oversight, auditing, and scanning. Denada's Chief Technology Officer is responsible for the overall program and ensuring compliance. Our 3rd party qualified security professional firm is:
An independent review was conducted on Jan 4 2025 on Denada's security policies, standards, procedures, and guidelines. Any concerns that were identified, all actions were taken to correct those concerns as certified by our third party security provider