At ShortPoint, the privacy and security of our customersʼ data is our priority. This article tackles the safety and security practices we use at ShortPoint to integrate our design features into your environment without getting any information from it.
TABLE OF CONTENTS
- Security at ShortPoint
- What changes can you expect after you install ShortPoint SPFx?
- Does the ShortPoint SPFx app have access to the data on my environment?
- What types of data does ShortPoint collect?
- How is the Usage Information being sent?
- Can I disable sending usage data completely?
- How long does ShortPoint keep my data?
- How is security ensured and maintained at ShortPoint?
- Is ShortPoint reliable?
- Need further assistance?
Security at ShortPoint
Learn firsthand from Yana Li, our Senior Manager of Information Security and Compliance, how we ensure all our products are designed with privacy and security in mind.
What changes can you expect after you install ShortPoint SPFx?
Here is what you can expect after you Install ShortPoint SPFx into Office 365:
- The app will appear in the list of installed apps in the Tenant App Catalog.
- Two new items will appear in the Site Contents of the site where you installed ShortPoint:
- ShortPoint SPFx Dashboard
- ShortPoint SPFx
These new items will not appear on other sites except the one where the initial installation of ShortPoint was made until you decide to add ShortPoint to more sites.
- The ShortPoint web part icon will become available in the list of available web parts that you can add while editing a Modern SharePoint Site Page.
- If you use install ShortPoint in a Classic SharePoint Page, you will see a Plus icon in edit mode.
Other than these changes, there will be nothing else that appears in your environment after installing ShortPoint SPFx. No existing page designs will be affected. ShortPoint will not change lists, libraries, systems, or content pages in your environment, as well as affect the existing look and feel (branding) of your Intranet after installation.
Does the ShortPoint SPFx app have access to the data on my environment?
When you install ShortPoint on your environment, it will run entirely on your sites. ShortPoint does not access, edit, or store your data.
Below, we will explore how ShortPoint works in an Office 365 environment:
- ShortPoint is installed entirely in your environment.
ShortPoint uses the SharePoint Framework (SPFx) development model which supports client-side SharePoint development and integration with SharePoint data. It is also referred to as a full trust client-side solution. By its nature, it contains full trust client-side code and can run in full trust.
All scripts are executed within the safety of your SharePoint environment and we do not have access to your content by any means. We also set further security features to ensure that all data and information are safe at all times.
- ShortPoint operates by adding code to the page content.
For example, when you insert a ShortPoint Design Element to a page, it adds a code (ShortPoint plain text markup language) to the page content. When the page is loaded, the ShortPoint JavaScript engine will convert the ShortPoint code with the latest UI markup. The rest will be handled by the browser's JavaScript engine.
- ShortPoint does not create any new master or content pages.
ShortPoint saves a plain text code in the page content. ShortPoint works and integrates seamlessly with Microsoft SharePoint authoring features. It does not create any new master pages, page layouts, or other pages. ShortPoint works with SharePoint OOTB master pages, page layouts, content editor web parts, and page content fields.
What types of data does ShortPoint collect?
ShortPoint only collects:
- ShortPoint License Activation and Protection information which includes:
- First Name
- Last Name
- Business Email
- Direct Phone
- Country
- Job Title
- Company Name
- Company Type
- Environment
- Tenant URL
- Number of ShortPoint Editors
- Product usage numbers / Usage Information which includes:
- ShortPoint Users Information (email, name, and all available profile properties);
- ShortPoint License information used for the activation;
- Browser information for debugging and support;
- Current Page URL;
- ShortPoint version;
- ShortPoint package type (WSP Solution, Add-in, SPFx);
- Environment ID and type (Office 365, SharePoint 2019, SharePoint 2016, SharePoint 2013);
- Counters' data on how many times the ShortPoint User:
- Opened the Page Builder
- Inserted the ShortPoint Design Element and what that Design Element was
- Opened the Theme Builder
- Used the Power BI
- Installed ShortPoint, and the site URL where it was installed
- Uninstalled ShortPoint, and the site URL where it was uninstalled
NOTE: For the full list of usage information collected by the ShortPoint software, you may contact privacy@shortpoint.com.
How is the Usage Information being sent?
- ShortPoint calls our highly secure and protected activation.shortpoint.com/api, using the secure channel HTTPS.
- The Event properties object is serialized as JSON, encoded to Base64, and sent as a formed body.
- Events are sent only while editing the pages. Nothing is sent while the users are viewing the pages.
Can I disable sending usage data completely?
Yes, we still grant our customers the ability to deny product usage data collection. You can block access to the activation.shortpoint.com domain.
For SharePoint Online: You have to unblock it only when you need to apply the license or change the assigned ShortPoint users.
How long does ShortPoint keep my data?
ShortPoint keeps your data for at least three years. However, we respect your privacy, and you can request to delete all your data from our systems at any time. You may send this request to privacy@shortpoint.com.
How is security ensured and maintained at ShortPoint?
ShortPoint continuously monitors 140+ security controls across the organization. Our security policies and procedures are regularly reviewed, approved by management, and communicated to all employees. Furthermore, the development of all product functionality is reviewed by our security committee and ShortPoint conducts mandatory security code reviews for all changes.
We also partnered with Drata for continuous monitoring of security controls and compliance across the organization. In addition, ShortPoint works with an independent auditor BARR Advisory to maintain a SOC 2 Type 2 report, which objectively certifies our controls to ensure the continuous security of our customers.
NOTE: To check and see the SOC 2 Type 2 Report, you may send a request here.
Is ShortPoint reliable?
Here are some of the methods we implement to ensure that ShortPoint is reliable:
- Night Watch Testing
We run daily end-to-end automated testing to detect any change that may affect ShortPoint product performance, allowing us to effectively catch any requirements for updates and fixes in record time.
- Upgrade Control
We have features that provide you with control over when and how your sites are upgraded. ShortPoint upgrades are seamless and efficient with no downtime, and no changes affecting your existing sites and designs.
- SandBox Mode allows you to test new releases in a secure environment where you can view changes or improvements that are implemented and test them without affecting published pages.
- One Click upgrade allows you to push a ShortPoint upgrade to all site collections within your tenancy at once from a single location with just one simple click.
- Auto Upgrade allows you to be automatically upgraded to the latest ShortPoint version upon every public release.
- Live Status Updates
We provide real-time updates about potential service outages on our Live Status dashboard. Any user can access it at any point in time to check the operation of all ShortPoint services. Also, we send email notifications to subscribed individuals.
- ShortPoint Designs Stay with You
Our designs are entirely saved within your page. If you remove ShortPoint completely, your designs will still be saved. If your computer crashes while you are designing, your work will be auto-saved. However, they may still be cases where your designs may not be saved due to unexpected errors caused by the computer crash.
Need further assistance?
You can check out our Security Page and our ShortPoint Privacy Policy for more information about our Data Protection and Privacy. You can also reach out to our security team at security@shortpoint.com.