InfoSec
Where is activity data stored by People.ai and which regions of the US are the data centers?
Can you harvest data from personal phone or text?
We intentionally avoid integration with personal phone communications to avoid the perception of being too invasive of our customer’s employee personal data.
Instead we integrate with 3rd party VoIP or Unified Communication (UC) vendors such as RingCentral, Dialpad, Fuze via Salesforce.
How can we make sure that sensitive file attachments within emails are protected?
People.ai never ingests or processes email attachments.
How is “time spent” by AE calculated?
Calculating time spent is a capability that’s unique to People.ai.
For meetings, we look at the duration on the calendar and break out time for all of the participants. For emails, we have NLP models that differentiate between blast emails and personalized ones, as well as analyze the complexity of the email, in order to estimate time spent writing or reading emails.
How People.ai compete or integrate with Outreach or Salesloft?
We do not compete. We are complementary.
Almost all People.ai customers have a cadence application like Outreach and we have a pre-built connector for outreach data.
People.ai is deployed to help understand GTM data for all communications by all GTM team members, not just communication sent through the Outreach plugin by BDRs.
How is People.ai GDPR compliant?
Yes, we were built from the ground up to be GDPR compliant. People.ai was founded around the same time that the original GDPR laws were put into effect (circa Spring 2016). As a result, all of our internal tools and processes have been built with GDPR compliance by design.
Is People.ai some kind of a “Big Brother” technology?
Ask whether the customer already has other technology already ingesting email or calendar data.
Most often sales reps feel we are making their life easier. The CMO at Palo Alto Networks received a standing ovation when he announced sales teams would no longer have to enter Contacts and Activities into Salesforce.
We do not process or read internal communication, personal or sensitive emails. Our Filtering technology goes to great lengths to prevent this.
What are the different types of matching models employed by People.ai to find the correct match?
1) Seller matching models
2) Buyer matching models
3) Exclusion matching models
Which Pai products are compatible only with lightning?
- Classic and Lightning: Pai Data Foundation, ClosePlan
- Lightning: Pai Sales Solution (can also be deployed standalone)
How is People.ai different from Quip?
Quip is a great embedded document editor (like google docs) with collaboration on freeform text. There is a steep learning curve for new users and the data within quip is not easily reportable.
People.ai provides:
- Relationship mapping - detailed organizational charts can be built in context with the opportunity.
- Deal Scorecards create a common language across your team with deal qualification scorecards that adapt to any sales methodology. Sales can now qualify opportunities in a simple and intuitive way.
- Purpose-built, detailed playbooks based on best practices and defined events in the sales cycle.
Which legal provisions within GDPR and CASL provide your customers the ability to establish "Legitimate Interest" or "Implied Consent"?
GDPR - Article 6-1f - Lawfulness of Data Processing. "Legitimate interest"
CASL - Section 10(9a) - Commercial electronic messages. "Implied Consent"
Cold email: If you send an email to an individual at an external domain from which you have not received a response in the past 365 days.
People.ai’s blast email detection algorithm looks at various factors to determine whether a group of messages should be considered blast emails. These factors include:
Our salesforce instance is polluted with too many apps already and we don't have any fields left on key objects like Accounts, Opportunities, and Contacts.
How will you work in this type of environment?
- Customers have packaged and package-less installation options into SFDC
- Package-less installation is easy and secure and gets around object field limitations
- People.ai APIs can send the same data to a warehouse of their choice if CRM is not an option.
Clari says they can also capture contacts. Why are People.ai captured contacts better?
Data Source: People.ai harvests contacts by scraping first-party data (email signatures from customers) from your sales reps inboxes. Clari creates contacts from a 3rd party data source, which is typically lower in quality.
In a customer side-by-side comparison, People.ai creates 1.5 more contacts and has 2.5x better title coverage.
Finally, People.ai provides GDPR / CCPA / CASL compliant contacts with country and activity data to help establish "legitimate interest" or "implicit consent". Clari does not have this functionality and can put you at risk of non-compliance.
How is data encrypted at rest and in motion?
- AES-256 at rest
- TLS v1.2 or higher for transport
How do we ensure that processing customer data through People.ai is legal?
- Look up the customers publicly facing privacy policy (example: https://www.morningstar.com/company/privacy-policy)
- Great news! People.ai data processing and scope is already covered by your existing privacy policy under "How we collect your information" and "Personal information we collect"
There were big concerns raised over non-opt in contact acquisition even through our own emails. Emailing back and forth with someone on our sales team doesn’t give explicit opt-in. How are others handling this?
Regarding “Opt-in”: People.ai does not impact the opt-in status of contacts. We agree that a contact engaging “with someone on your sales team doesn’t give explicit opt-in” so we recommend People.ai contacts follow your existing marketing rules as any sales-created contact in your system. For example, if People.ai creates a contact, but they have unsubscribed from marketing communications, you would honor that unsubscribe preference.
We recommend you handle People.ai contacts (automatically created from your reps email/calendar activity) the same way you would handle contacts, manually created by your reps from their email and calendar activity.
People.ai seems to require an IT administrator to set up and connect. Why do you not support OAuth for each user as an integration approach?
- Painful for audits (Managing access to tokens)
- User adoption
- Data trust compromised if not fully deployed
Where is Einstein activity capture stored and why does it matter?
Stored in AWS, resulting in silo'd CRM data across CRM and AWS - making it tough or impossible to report on.
With People.ai being hosted in the US, How do you protect international data transfers if we deploy in the EU?
We use the Standard Contractual Clauses (SCCs) for international transfers because under the GDPR’s Articles 45 and 46, the SCCs are recognized as one of the appropriate safeguards for international data transfers.
Since our inception, we have used the SCCs because they have the longest track record (over 20 years) of being upheld as an appropriate safeguard for international data transfers.
For example, the Schrems I case led to the invalidation of the U.S.-EU Safe Harbor Framework, which resulted in the creation of the EU-U.S. Privacy Shield. However, Schrems II led to the invalidation of this Privacy Shield. In both of these cases, the SCCs were upheld as an appropriate safeguard for international data transfers.
Do we need employee consent to process their email data through People.ai?
The United States has no single, principal data protection legislation. Rather, the United States has a number of sector-specific laws focused on specific types of data. Only a few of these laws require opt-in or consent (e.g., the Children’s Online Privacy Protection Act (COPPA) and the Fair Credit Reporting Act (FCRA)).
The processing performed by People.ai does not fall within any of the sector-specific laws that require consent.
Accordingly, there is no United States law that requires employee consent before deploying a new service provider, such as People.ai.
Additionally, consent is not required even under the far more privacy-forward regulations of the GDPR. In fact, under the GDPR, European data protection regulators have indicated that consent should not be relied upon in an employer-employee relationship for a legal basis for processing. Under the GDPR, consent must be freely given. Recital 43 of the GDPR notes that “consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller.” The Article 29 Working Party’s guidance specifically calls out the employer-employee relationship as a situation where an imbalance exists.
Accordingly, not only is consent not required, but consent should not be used as the legal basis for processing.
How can I be sure that we won’t run out of storage on salesforce.com for all the activities and contacts you capture?
Typical Implementation (Example):
Average of 250 contacts per rep recovered
For a field team of 1000 (current & departed), that’s 250,000 contacts recovered
250k contacts x 2kb/contact takes up about 500mb of data
Salesforce.com data storage is cheap - $1,500 / year for 500mb of data storage
This is less than $0.01 for each high value, evergreen contact that otherwise would not have been captured into your database
What platform is PeopleGlass hosted on?
Heroku.
How is People.ai different from Salesforce Inbox
- Requires manual plug in installation by user into email client (Incomplete Adoption)
- Requires manual effort by end user (Incomplete Data capture)