Is the CrescoData Platform Secure?
The CrescoData Platform is secure + GDPR compliant. All data is encrypted.
Is data encrypted at rest?
Yes, all data is encrypted at rest and data stores are periodically reviewed for their encryption requirements and settings.
How does CrescoData handle data retention?
CrescoData has regular reviews of its Data Security Policy and Process. This includes:
- regular reviews of data stores
- classification of data store based on personal data
- review of encryption requirements
- review of retention policy
How does CrescoData handle personal data?
CrescoData only handles data relevant to the customer project and therefore maps only the information needed to provide the desired services. Reporting data is calculated in a secondary, anonymised database.
Is Customer Data Stored?
- Yes it is stored. It is not analysed to be consolidated (ie can’t search or pull via all orders from a certain person and it does not include credit card data. We don't process or store credit card information. No payment processing. Customers shipping and billing addresses are stored as part of the order which follows the marketplace APIs standards
- All data is encrypted at rest
How Does Cresco Data handling Personally Identifiable Information (PII)?
The following Policy will come into effect from 10th December 2021 and will apply to all historic and future data stored in the Cresco Data Platform.
All records that meet the following conditions, will automatically be deleted from the Cresco Data Platform and will not be made available for download:
- any records containing Personally identifiable information (PII) 90 days after their creation
- all other records two (2) years after inactivity
If you would like to retain a copy of the above data, you can export this information via the Cresco Data Management Portal before 10th December 2021.
Has a penetration test been done on the CrescoData platform?
Yes, penetration tests are performed on a regular basis again the CrescoData API as well as all CrescoData UIs including the CrescoData Management Portal.
In addition, regular reviews of data flows are done to identify attack surfaces and test and document how these will be handled.
Can I request the removal of my personal information?
Yes, requests can be sent to firstname.lastname@example.org requesting the removal of personal data.