EngageOne Converse 1.9 Security Summary and White Paper

This is an overview of the main security considerations for EngageOne Converse. You can find
more information about these points in the remainder of this document.

Cloud-based tools and services
• Converse uses HTTPS (TLS 1.1 or higher) for all internet traffic.
• All Converse tools (Designer, Live Takeover, Converse Analytics) and bot services are hosted on
Amazon Web Services (AWS). See here for what this means.
• Pitney Bowes has a global Single Sign On mechanism for all its online services.
• Users only have access to their company account.
• Pitney Bowes run annual threat scan and penetration tests to examine the security of Converse
software.

Handling of personal data
• Use of regional AWS servers ensures that data stays in the country of origin.
• Data used in a live conversation persists for the session, and is lost when the session times out.
• Data at rest is only stored if the client enables Converse Analytics.
• Answers to specific questions can be encrypted, during live conversations, in analytics data and
when sent to back-end systems.

Note: Pitney Bowes counts the number of sessions in order to understand how clients are
using Converse. For example we record that a conversation has taken place but not what it
was about.

Converse Analytics and third-party analytics tools
Optionally clients can track conversations in order to measure the success of their bot:
• For third-party analytics tools, data (including any encrypted data) is sent to the analytics tool
in real time. It is not stored by Converse.
• For Converse Analytics, analytics data includes, for example, numbers of users and conversations,
top user messages and the number of times users sent a message for which the bot had no
answer. This data is stored by Converse. Clients can access a transcript of each conversation.

Encrypted data is never displayed in Converse analytics data or transcripts.

Note: Bots must be designed to minimize the amount of personal data that needs to be
entered in live conversations. Encryption is also available.

The full white paper can be read here:  https://docs.converse.pitneybowes.com/_Security/engageone-converse-v1-9-security-whitepaper.pdf
UPDATED:  August 19, 2019