Security

Below is a list of commonly asked questions about how ReviewTrackers manages security.

Will you use my data to build advertising products or sell it to third parties?
No. For more details, visit our Privacy Policy.

Will you disclose or sell the data and PII that I provide you about my customers?
No. We use the data you provide us about your customers only to provide you services and for no other purpose.

Do you have any SLAs for data quality and performance of the software platform?
Yes, you can review our Master Services Agreement which includes our Service Level Agreement (SLA).

How is my password secured?
We store your passwords securely. All user passwords are hashed and stored using the bcrypt algorithm, an industry-standard method for password storage because its hashes are extremely difficult to reverse. In addition to this, we have advanced password length and complexity rules to prevent brute-force attacks.

What password controls do you offer for our users?
ReviewTrackers provides enterprise-level functionality to enforce security rules specific to your organization. These include, but are not limited to, character count minimums and reset requirements on a regular interval. Ask your account manager for more information.

How do you protect Credit Card and Financial Information?
ReviewTrackers does not store credit card numbers and security information. If you provide a credit card number to purchase a service, it is turned into a secure token by our credit card processing company. We only store the secure token on our systems.

We DO NOT collect or store personal financial data, Social Security Numbers, National Insurance numbers, or government-issued ID numbers of any kind.

How can I protect my ReviewTrackers account?

  • Do not share your ReviewTrackers password with anyone.
  • Make sure that your password includes both numbers and capital letters, and is at least 8 characters in length.
  • Update your password on a regular basis.

Do you have a documented disaster recovery policy?
Yes, this is available upon request; please ask your account manager for more details.

Do you have documented security policies, contingency and disaster recovery procedures?
Yes, these are available upon request; please ask your account manager for more details.

In what country (or countries) is my data stored – both on your infrastructure and for backups?
Our customer data is stored on secure servers in the United States on a secure cloud computing platform at AWS. You can learn more about our Subprocessors here.

What level of security is in place at your data centers?
Amazon Web Services represents that its security and cloud infrastructure has been designed and is managed in alignment with regulations, standards, and best practices, including:

  • HIPAA
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
  • SOC 2
  • SOC 3
  • PCI DSS Level 1
  • ISO 27001
  • FedRAMP(SM)
  • DIACAP and FISMA
  • ITAR
  • FIPS 140-2
  • CSA
  • MPAA

Is the data flowing between the business and the vendor’s cloud-computing infrastructure secured?
Yes. A proven, standard algorithm with at least a 1024-bit key is used for all communications between cloud servers.

Are you HIPAA Compliant?
Yes. Upon request, ReviewTrackers will execute a BAA to meet your compliance requirements with this HIPAA Business Associate Agreement.

Are you PCI Compliant?
Yes. All credit card data is stored securely with our credit card processor Stripe, who is a PCI Service Provider Level 1.

Are you part of the EU-US Privacy Shield and GDPR compliant?
Yes. For compliance, here is our standard GDPR Data Processing Addendum. ReviewTrackers is an EU-U.S. Privacy Shield participant, which can be found here. We have partnered with BBB to address compliance and disputes; additional details can be found here.

Do you offer any notification of planned or unexpected downtime and security notifications?
Yes, you can subscribe to real-time alerts on our status page via this link. Click "Subscribe to updates."

Do you do background checks on your employees?

  • Employees go through a background check and a reference check before they are hired.
  • Employees and contractors all sign a confidentiality agreement.

What third-party security assessments have you completed?

  • The application and website undergo annual penetration testing.
  • The application and website undergo a daily comprehensive security scan with alerts.
  • A certificate of results for penetration testing is available upon request; please ask your account manager for more details.

Do you have a bug bounty program?
Yes, please see our bug bounty policy to learn more.

Do you have liability and cyber insurance policies?
Yes, please talk to our account manager to request a certificate of insurance.

Do you train your staff on security and password management?
Yes, our team gets regular communications and training from our IT team. We also utilize password management to ensure compliance with guidelines and reset passwords for access to our systems every 90 days for employees.

Where can I learn more about protecting my privacy and security?
This document contains only answers to frequently asked questions. We have developed a robust Privacy Policy, which you can access here.