Acquire
Solutions
Platform
Remote Customer Service
Connect directly with your customers, any time and from anywhere in the world.
Unified Agent View
Unify all your digital support channels for better agent and customer experiences.
Better Business Performance
Drive engagement and retention by resolving issues faster and connecting with customers.
Customer Stories
Read first-hand case studies from our customers.
Features
Read article
Live Messaging
Maximize conversation volume with Acquire’s live messaging.
Read article
Read article
Workflows
Optimize customer service teams efficiency through workflows.
Read article
Read article
Call Deflection
Implement queues and SLAs to efficiently manage communications.
Read article
Read article
Voice & Video Calling
Have face to face conversations in seconds with Acquire videos.
Read article
Coming Soon
Salesforce Integration
Purpose-built for customer service teams using Salesforce
Read article
Resources
Featured
Blog
7 Ways to Improve Customer Focus
webinar
Why the Moment for Video Chat for Business is Now
library
The Complete Guide to Chatbots
Resources
Library
Guides, eBooks, factsheets, and much more.
Blog
Insights, trends, tips, and tricks about all things customer support.
Webinars & Events
Industry-leading webinars and events from team Acquire.
using acquire
Documentation
Help Docs
Documentation
Product Updates
Documentation
API Docs
Pricing
Sign in
Book a demo
Follow acquire on youtube
Follow acquire on Twitter
Follow acquire on LinkedIn
Follow acquire on Facebook
Sign in
Book a demo
Open Navigation
Close Navigation
Privacy Policy
Cookie POlicy
Terms
Privacy Policy
GDPR
EULA
Google API
Security

Building customer
trust by ensuring
data security

Content
Our Security Commitment

Our Security Commitment

Acquire works tirelessly to ensure the protection of customer data within our custody and the continuous improvement of our information security management practices. Acquire aims to ensure the appropriate confidentiality, privacy, integrity, and availability practices are maintained in accordance with the requirements of data security standards as outlined by the SOC2 Trust Service Principles.

Acquire ensures that the SOC2 security commitments are well documented and illustrated to user entities through our website, contract agreement, or in a service level agreement.

Organizational Security and Compliance

Acquire is committed to ensuring that personal data obtained and processed is done in accordance with the associated regulations and/or code of conducts laid out by SOC2 Trust Service Principles, HIPAA, GDPR and its principles, and PCI-DSS. Formal IT policies and procedures exist that describe physical security, logical access, operations, change control, and data communication standards.GDPR and its principles, and PCI-DSS. Formal IT policies and procedures exist that describe physical security, logical access, operations, change control, and data communication standards.

Personnel Security and Training

The Acquire workforce includes partners, regular employees, and independent contractors who have direct access to our internal information systems. Our personnel policies and practices relate to employee hiring, orientation, training, evaluation, counseling, promotion, and disciplinary activities. Security and privacy training is performed upon hire and on a semi-annual basis which includes but is not limited to device security, acceptable use, malware prevention, data privacy, and incident reporting and data breach procedures. All employees are required to acknowledge our confidentiality terms and adhere to our information security policies. Acknowledgment occurs on an annual basis. Issues related to security and privacy are required to be reported immediately to the compliance team. Upon termination of employment at Acquire, all access to Acquire systems is removed immediately.

Physical Security

The Acquire platform is exclusively hosted on Amazon Web Services (AWS) facilities in us-east-1 (N.Virginia), us-east-2 (Ohio), ap-south-1 (Mumbai), ap-northeast-2 (Seoul), ca-central-1 (Canada), and eu-central-1 (Frankfurt), having a total number of 40 servers which provides robust, physical data center security and environmental controls. AWS provides secure, high-performing, resilient, and efficient infrastructure. For more information on AWS security visit https://aws.amazon.com/compliance/soc-faqs/

The Acquire corporate offices require badge access for entry, maintain video surveillance, and require all visitors to sign in and be accompanied by an Acquire employee when on the premises.

Security by Design

Acquire understands the security risks associated with software changes introduced during the Secure Development Lifecycle. Our security team adheres to OWASP Top 10 to categorize risks as high, medium, or low. All updates or changes to the production system, be they code or system configuration changes, require review prior to deployment to the production environment. Acquire applies change control requirements to systems that store data at higher levels of sensitivity, including Personally Identifiable Information.

Infrastructure Security

Our network, infrastructure, and architecture have multiple protection layers that ensure the highest levels of security and control, which include:

Access Control

‍Access to production networks is controlled through multi-factor authentication over HTTPS encrypted protocol.

Strict firewall rules restrict access to vulnerable ports to ensure secure and limited access to the production environment.

Acquire also utilizes intrusion detection systems in our corporate network to identify potential security threats.

Login Security

‍Each user can log in with their unique username and password with specific authorization and permission levels as controlled by the account administrator.

Password complexity conforms to defined password standards and configuration.

Logical Access

‍Access to data, system utilities, and program source code libraries are controlled and restricted to those authorized users who have a legitimate business need.

Responsibilities and duties are well segregated to avoid repudiation and incompatibility of responsibilities.

Data Center

‍Acquire services are hosted in an advanced data center operated by a recognized industry leader, Amazon Web Services (AWS). Our vendor adheres to the highest industry standards of quality, security, and reliability and continuously monitors the environment using automated compliance checks based on the AWS best practices and industry-recognized standards.

Application Security

Acquire protects all channels in our service. All visitors are ‘tagged’ with an Acquire tracking code and chat sessions between chat agents and visitors are monitored. Acquire employs both internal and external testing of our product to ensure the stability of our channels.

Vulnerability Assessment and Penetration Testing

‍Vulnerability scans are performed at least quarterly on the environment to identify control gaps and vulnerabilities. Vulnerabilities found are resolved within a reasonable timeframe by our security team.

A third party performs penetration testing annually to identify and exploit vulnerabilities identified within the environment.

Incident Response and Data Breach

‍Acquire documents incident response and escalation procedures for reporting security incidents that are adopted to guide users in identifying, reporting, and mitigating failures, incidents, concerns, and other complaints.

When security events are detected they are escalated to the respective response team. Response time to address the event is two hours. Acquire makes sure to notify the supervisory authority of a Personal Data Breach within 72 hours of becoming aware of the breach.

Data Encryption in Transit and at Rest

‍All data sent to or from Acquire is encrypted in transit using AES256-bit encryption. Our API and application endpoints are TLS/SSL only and score an “A+” rating on Qualys SSL Labs’ tests.

Acquire uses end-to-end encryption for data in transit which ensures that only communicating users can read what is sent, and no other parties, including Acquire, can intercept the message.

Acquire uses a Security Hash Algorithm (SHA2) for all password entries. Acquire stores the customer’s sensitive data such as name, email, phone numbers, remarks, and chat transcripts in a MySQL Database.

Data is encrypted automatically, in real-time, prior to writing to storage. As a result, hackers and malicious users are unable to read sensitive data from tablespace files, database backups, or disks.

Backup and Disaster Recovery

‍Acquire ensures that customers can balance the need to store backups at multiple locations in case of a disaster with the need to keep their data out of certain geographies. AWS provides clear data maps and geographic boundary information for all data centers.

The disaster recovery plan is tested on an annual basis.

Data Collection and Disposal

‍As an Application Service Provider, Acquire collects personal information such as name and contact details, chat, messaging transcripts, and information related to browsing on behalf of the customer and use of our software.

Customer data will be deleted from the Acquire system upon the termination of an account or data retention expiration deadlines. Acquire hard deletes all information from currently-running production systems. Backups are destroyed within 15 days. Acquire follows industry standards and advanced techniques for data destruction.

Payment Security

‍All payments are accepted through secure ACH or wire transactions. Credit card payments are accepted through Stripe, which strongly adheres to PCI-DSS requirements. Details can be found on Stripe Security Page at https://stripe.com/docs/security.

Acquire prevents any unauthorized disclosure and use of cardholder data in full compliance with PCI-DSS requirements. Acquire does not store any cardholder data.

Reporting Security Vulnerabilities to Acquire

Acquire aims to keep its services safe for everyone, and data security is of utmost priority to us. If you are a security researcher and have discovered a security vulnerability in the Acquire’s services, we appreciate your help in disclosing it to us following our Responsible Disclosure Policy. This will ensure the security of our customers, as well as enables us to recognize your efforts.

Any vulnerabilities disclosed to us by this policy will be covered by Safe Harbor – we pledge not to pursue or support any legal action related to your research.

Responsible Disclosure Policy

  • During your research, please do not spam, DOS or DDOS, or perform any social engineering (including phishing) of our staff
  • Notify us of the vulnerability via email to security@acquire.io. Please include your evidence as well as steps for reproducing the issue
  • If the vulnerability is of a sensitive nature, please contact us before sending it on email- we will share our GPG key to encrypt your email
  • To protect our users, please refrain from sharing information about any potential vulnerability outside of Acquire until remediation is completed
  • Certain types of issues are considered as known/acceptable risks, and hence not considered vulnerabilities- these include brute force attacks or other denial of service based issues, mobile issues that require a jailbroken device, clickjacking, cookies flags among others. In all matters on what constitutes or does not constitute a vulnerability, Acquire’s decision will be final.

What to expect after you report a vulnerability

Once you have reported a vulnerability, the following process will kick in:

  • We will investigate and try to reproduce this vulnerability on our own. We may need to contact you during this process
  • We will respond to your email within 48 business hours confirming and acknowledging the findings
  • We will credit and thank you after vulnerabilities have been fixed
  • Depending on severity, we will publicly disclose reported vulnerabilities that we’ve remedied

Acquire’s security statement: https://acquire.io/security/

Give your customers the support they deserve
Book a demo
Acquire
Platform
Remote Customer Support
Unified Agent View
Better Customer Experiences
Customer Stories
Security
System Status
Products
Live Chat
Voice & Video Calling
Workflows
Call Deflection
Salesforce Integration
Resources
Library
Blog
Get Started
Pricing
Contact
Book a demo
Legal
Cookies
Privacy Policy
Google API Service
Security
EULA
GDPR
© 2023 ACQUIRE. All rights reserved.
Follow acquire on youtube
Follow acquire on Twitter
Follow acquire on LinkedIn
Follow acquire on Facebook
Close Cookie Popup
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
Accept All Cookies
Cookie Settings
Close Cookie Preference Manager
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Accept All Cookies
Save Settings