Frequently Asked Questions

WHO CAN ACCESS OKR People?

Only users with a valid and verified company Email address can join OKR Software Tool company account.

WHERE IS THE DATA HOSTED?

OKR People is hosted in US Amazon Web Services Cloud. It is hosted in AWS US East data centers with 24/7/365 video surveillance, biometric and pin-based locks, strict personnel access controls and detailed visitor entry logs. Here are are some of the security features AWS takes to protect your data.

A secure, SAS70-certified Tier 4 data center
Firewalls
Intrusion detection
SSL and application security
24/7 security monitoring
Third-party certifications for security practices

WHAT ARE OKR People’S POLICIES REGARDING OUR DATA AND DATA PORTABILITY

All rights to your data are maintained by you. We provide you the ability to easily export your data and take it elsewhere, if desired.

Your contact data will never be shared with or sold to a third party, except for the limited purposes described in our Privacy Policy.
So long as your account is active, you have full access to your information, for viewing or transfer, at any time.
Information can be downloaded in a variety of popular formats.

CAN WE PERFORM AN ON‐SITE VISIT OR AUDIT OF YOUR FACILITIES?

OKR People does not permit customers to perform on‐site audits. With customers all over the world, this is not feasible, and it is also a risk to the security of the service. We will answer any security questions openly and transparently.

HOW IS DATA SEPARATED FROM OTHER CUSTOMERS?

OKR People is a true multi-tenant model. Customers’ data is logically separated with strict controls to ensure separation of tenant data. The web application servers of OKR People are physically and logically separated from servers that store customer data.

HOW WILL OKR People MAINTAIN THE CONTINUITY OF OUR SERVICE, SPECIFICALLY ABOUT UPTIME AND DISASTER PROTECTION?

By leveraging Amazon web services Cloud, we can provide the following

Your data is backed up multiple times a day and protected with strong encryption on disk. Backups are transferred to a different region securely and properly deleted after four months.
Minimum uptime of 99.5%
Redundant operations in off-site locations, in case of a catastrophic event (fire, earthquake, etc.).
Back-up servers to avoid service disruptions if a piece of hardware fails.
Around-the-clock performance monitoring so that issues can be detected and addressed promptly.

WHO HAS ACCESS TO THE DATA?

Only a senior Database administrator has Access to the customer data. The Database administrator provides access to support staff on a case by case basis when support requests come from customers. All access is logged and regularly audited.

WHAT PROTECTIONS DOES OKR People USE TO PROTECT CLIENTS DATA

Criminal background checks for all employees
Restricted access through keycard entry and monitoring
Locked, climate-controlled Server rooms operating with Uninterruptable Power supplies and redundant internet connections
24/7 recorded video monitoring of all facilities
Encrypted connections between our facility and AWS Cloud Services
Restricted access to Client data

IS THE DATA ENCRYPTED?

All data in transit into and out of the production environment is encrypted at all times. Communication with OKR People is over HTTPS (TLS 1.2 supported) regardless of user endpoint (web, desktop app, mobile app, API). In addition to being encrypted in transit, All personal data of users are encrypted at rest with AES-256 bit key encryption.

DOES OKR People SELL OUR DATA?

No. OKR People does not mine or sell any customer data. All data belongs to the customer (either the user or the organization).

CAN I EXPORT ALL MY DATA?

In OKR People, verified Administrators can export all User data, Past OKR Cycle information, Objectives, Key results and Check Ins

WAS THERE ANY SECURITY BREACH IN THE PAST.

OKR People is now five years old, and there has been no report of breach or leak of customers data out of OKR People. The company behind OKR People is 15 years old, and this company has worked with pharmacies in the US for the past 14 years. The confidentiality of the client data has been our utmost priority ever since the inception. The company has also worked with fortune 500 companies like Farmers Insurance and Enterprise Rent-A-Car in the past.

Data Processing Addendum

We offer data processing addendums (DPAs) for our customers that operate in the EU. Our DPA offers contractual terms that meet GDPR requirements and that reflect our data privacy and security commitments to our clients. You can see a sample of the addendum here.

To ensure no inconsistent or additional terms are imposed on us beyond that reflected in our standard DPA and model clauses, we cannot agree to sign customers’ DPAs. As a small team we also can’t make individual changes to our DPA since we don't have a legal team on staff. Any changes to the standard DPA would require legal counsel and a lot of back and forth discussion that would be cost prohibitive for our team.

Once you complete this form, the addendum will be signed electronically by both parties, and become legally binding. A copy of the signed addendum will be EmailAddressed to you. Drop us a line if you have any questions.

What’s the name of your company?

What country does your company operate in?

What’s your full name?

What’s your EmailAddress address? We’ll never use this EmailAddress for marketing purposes.

What’s your role at this company?

Are you authorized to sign on behalf of this company?

Yes No

Sign Agreement

You can download our Privacy Policy here

You can download our Security Policy here