I would like to see a feature implemented that prevents third-party vendors like Extendly and HI Level from having direct access to my instance unless they explicitly give permission. The challenge, from my perspective as a customer, is that we have zero ability to track and audit who accesses our sites. To my knowledge, 3rd-party vendors, including HL employees, can access all our customer data at any time.
Solution:
Implement a checkbox that enables 3rd-party support for 24 hours, or some other mechanism.
I can't imagine this blanket access would ever pass any SOC 2 Type II compliance checks.