Shared responsibility

This document covers important security and privacy considerations when using Alida's products and services.

Notices

This document is provided for informational purposes only. It represents Alida's current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Alida's products or services. This document does not create any warranties, representations, contractual commitments, conditions or assurances from Alida, its affiliates, suppliers or licensors. The responsibilities and liabilities of Alida to its customers are controlled by Alida agreements.

The terms set out in the above notice may be changed by Alida without notice or consent.

Customers should ensure they are reviewing the latest version of the document as it may be updated at any time without notice. The latest version of this document is always available on our website at: https://www.alida.com/hubfs/shared_responsibility_security.pdf

Note: To ensure you are viewing the latest version of the document, we recommend clearing your browser history.

Studies

Our Community Platform provides a flexible platform for collecting information from community members. When designing studies, survey authors must ensure that the questions asked comply with their Community's privacy policy, their company policy and any relevant local privacy laws. Users should not upload any data to their Community that requires specialized access protection (such as Bank Account Numbers, Social Insurance Numbers or the equivalent).

Customers who are required to comply with HIPAA legislation should be aware that Member Image Upload questions are hosted in AWS by a third party that is not covered by a Business Associate Agreement.

Customers in the European Union should be aware that the Member Image Upload questions are hosted in AWS USA by a third-party SaaS provider that has not entered into Standard Contractual Clauses. That third party operates out of Israel, which has equivalency under EUJC rulings, and is therefore not required to enter into Standard Contractual Clauses. That third party does, however, have inter-company data transfer agreements.

Community Specifics

Community also provides an advanced scripting capability. Users who script or otherwise customize the behavior of their Community install are responsible for the quality of their own code and ensuring they comply with the secure coding guidelines of their own company.

There are additional data protection features that may be enabled upon request which include:
  • IP address based access restrictions to the administrative portal
  • Protection against Cross Frame Scripting (by disabling iframe embedding)
  • Data Purge which allows for the anonymization of community member data when it meets certain criteria

Community and Surveys Specifics

Community and Surveys also include the ability to utilize external survey tools; customers are responsible for the security of such integrations as they are outside Alida's control.

The integrated Discussion Forums capability is an open discussion forum. Customers should be conscious of which topics they raise in their discussion forums with their community members: once members are invited into a discussion, there are no additional access controls, and all members of a single discussion can see the content of other discussion participants.

API Access

You need to use the appropriate regional endpoint to ensure that you comply with your organization's privacy policy, data export laws, and any other regulations that specifically apply to the type of data being sent. Alida provides the following region-specific API gateways:

  • api.na1.alida.com
  • api.na2.alida.com
  • api.eu1.alida.com
  • api.eu2.alida.com
  • api.ap2.alida.com

To identify the correct region for your organization, sign in to Community as an Admin and select Product Settings > API to navigate to the API page.

The region for your organization is listed in the API URL section.

You may need to update your legacy applications or scripts to use the new region-specific gateways.
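One way to audit applications and scripts for the regional-gateway requirement above, as an added example (not Alida's code): it checks each configured API base URL against the gateway shown on your API page. The helper names, the sample configuration and the `placeholder.alida.com` host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Region-specific gateways listed on this page.
REGIONAL_GATEWAYS = frozenset({
    "api.na1.alida.com", "api.na2.alida.com",
    "api.eu1.alida.com", "api.eu2.alida.com", "api.ap2.alida.com",
})


def check_endpoint(url, expected_gateway):
    """Return (ok, reason) for one configured API base URL (hypothetical helper)."""
    if expected_gateway not in REGIONAL_GATEWAYS:
        raise ValueError(f"{expected_gateway!r} is not a listed gateway")
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        # 'https://gateway@other-host' parses with other-host as the real host.
        return False, "URL embeds userinfo"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if host == expected_gateway:
        return True, "ok"
    if host in REGIONAL_GATEWAYS:
        return False, "gateway for a different region"
    if host == "alida.com" or host.endswith(".alida.com"):
        return False, "alida.com host that is not a listed regional gateway"
    return False, "not an Alida gateway"


def audit(configured, expected_gateway):
    """Map each configured integration name to its (ok, reason) result."""
    return {name: check_endpoint(url, expected_gateway)
            for name, url in configured.items()}


# Constructed sample configuration; names and the placeholder host are made up.
SAMPLE_CONFIG = {
    "export-job": "https://API.EU1.ALIDA.COM./",
    "nightly-sync": "https://api.na1.alida.com",
    "old-script": "https://placeholder.alida.com",
    "cleartext": "http://api.eu1.alida.com",
    "lookalike": "https://api.eu1.alida.com.example.org",
    "userinfo-trick": "https://api.eu1.alida.com@example.org",
}

if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLE_CONFIG, "api.eu1.alida.com").items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

Comparing the parsed hostname for exact equality, rather than searching the URL string for the gateway name, is what catches the lookalike and userinfo cases.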

Customers are solely responsible for their use of the API and handling of API credentials; customers should create dedicated API access accounts for managing and auditing access to the platform.

The API is covered under Alida's Standard Contractual Clauses to comply with European data protection and export laws.