Security and Privacy

Updated by Vince Scafaria

DotAlign Cloud is software that privately analyzes mailbox data (email messages, calendar events and contact cards), plus any uploaded LinkedIn first-degree connections. Through automated data science and subject to sharing settings, the software provides colleagues at a client enterprise with an understanding of relationships and engagement. Given the sensitivity of this data, DotAlign has taken a privacy-first approach as follows:

Does my data go to dotalign.com?

No. DotAlign is not a SaaS solution. None of this data leaves the company's secure corporate network.

Can my emails be read?

No. DotAlign software does not store or share email body text or attachment content. Email body text is analyzed by software (never by humans) that runs exclusively on the company network for purposes of identifying the signature block (job title, phone, etc.), and the rest is discarded.

What can I share with colleagues?

You can choose share settings via the 'Teams' feature. A team is a group of colleagues who are allowed to share together (teams use Azure Active Directory for authentication). What you and your colleagues choose to share will depend on the norms and culture of your firm and your personal preferences. For example, you could choose to share relationship strength scores without also sharing phone numbers and email addresses. Email content is never shared.

How does sharing with colleagues benefit me?

There's nothing worse than finding out a colleague cold-called your warm relationship. When colleagues know about your strong relationships, a pitch, RFP, or outreach is much more likely to get routed through you. Typically, you would have to rely on manual input to assert relationships (e.g. CRM data entry); with DotAlign, knowledge of those relationships is automatic.

Can I avoid sharing a particular contact?

Yes! Learn how you can mark a relationship as private here.

Can I opt out entirely?

Yes. The system supports deletion of a contributor's data. As a reminder, the database resides exclusively on the company network. There is no copy of your data at dotalign.com.

How is data secured?

DotAlign Cloud runs as a single-tenant deployment in the customer’s Azure tenant. This means that one customer’s deployment is only accessible to that customer’s employees. There is no sharing of data or infrastructure across deployments. Customer mailbox data stays secure inside the customer’s cloud.

DotAlign Cloud uses various Azure services that come with their own security features, which the customer can control (e.g. firewalls, inbound and outbound network restrictions, encryption, data masking, etc.).

DotAlign Cloud authentication is via Azure Active Directory, and so is always up to date with the enterprise’s latest employee information. It also auto-updates and is completely hands-off from enterprise IT’s perspective.

In other words, it brings all the benefits of a SaaS service, with all the security benefits of having an enterprise-owned deployment and without the enterprise having to hand over its sensitive mailbox data to a third party.

How is data processed from a compliance and GDPR/CCPA perspective?

DotAlign Cloud processes Office 365 mailbox data on the customer’s Azure tenant. It does not move that data to any other location, and data always remains under the exclusive control of the enterprise.

Furthermore, DotAlign Cloud maintains each employee’s data in a separate partition, and each employee is empowered to choose exactly what they want to share with their colleagues.

A composite data set is generated from what employees share, and this composite is computed every hour or so. If an employee changes sharing settings or even stops sharing (for example, if they leave the company and request that their data be purged), the composite very soon incorporates the latest share settings for all employees. This is especially useful for compliance with regulations like GDPR and CCPA, which empower data owners with many rights.

What is the view of other large firms?

DotAlign Cloud has received compliance and security signoffs for pilots and production usage from large banks, a pharmaceutical firm, a large insurance company and several FINRA-compliant firms. Competitive and home-grown systems have been used by top-100 law firms and bulge-bracket investment banks for several years.

Why focus so much on privacy and compliance? Isn't this already the firm's data?

Enterprises, more than ever, realize that relationships drive growth, and want to be able to leverage their employee networks. However, this needs to be done very thoughtfully.

Mailbox-derived and network data is unique in that it represents business communications and relationships that often feel personal. Therefore, privacy and sharing sensibilities are very important from a cultural standpoint regardless of whether the employee is subject to GDPR or CCPA.

Also, there are natural boundaries within enterprises. These may be regulatory boundaries, geographical boundaries or boundaries based on seniority. For example, the enterprise may want to curate and leverage the relationships of the C-Suite and make them visible only to a certain set of employees.

There is also the question of the culture of sharing inside the enterprise. Some sectors have teams that compete against other teams within the enterprise. The “share your relationships to win business for the firm as a whole” model does not work there. At these firms, sharing within DotAlign teams but not across them can be ideal, and this is fully supported. Partners at a VC firm, on the other hand, may be much more collaborative and open to leveraging their relationships to win business for the firm via other partners.

DotAlign provides support for all of the above scenarios, making it easy to leverage relationships to drive top-line growth.

