Last Updated May 29, 2020

Protecting the privacy and integrity of your data is an absolutely critical priority for us. We have taken a number of steps to demonstrate and execute on this commitment. ReviewnGuide complies with GDPR and CCPA guidelines.

Control of Processing

ReviewnGuide customers have control over the types of data that ReviewnGuide can collect and access on their behalf. All sensitive data is always treated with the utmost care. ReviewnGuide complies with data protection laws and principles outlined in the General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”), which means that ReviewnGuide data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes and not used in any way that is incompatible with those purposes.
  • Accurate and kept up to date.
  • Maintained only for as long as necessary.
  • Kept securely and protected against unauthorized or unlawful processing and against loss or destruction using appropriate technical and organizational measures.

Access Control and Authentication

ReviewnGuide uses industry best practices for authentication and authorization. Further, data access is governed by the principle of least privilege, and strict controls are in place to limit access.

Encryption and Data Protection

ReviewnGuide follows industry best practices to deploy encryption for data in transit and at rest, to ensure that data is protected at all times.

Vulnerability Management

ReviewnGuide conducts regular assessments on critical systems with the intent of finding system and application vulnerabilities. This proactive approach to security allows ReviewnGuide to mitigate weaknesses before they are attacked.

Accessibility

ReviewnGuide is committed to ensuring digital accessibility for individuals with disabilities. ReviewnGuide conforms to Section 508 / Web Content Accessibility Guidelines (WCAG 2.1) level AA.

Breach Detection and Response

ReviewnGuide uses a managed solution for safeguarding applications running on our platform and a threat detection service that continuously monitors for malicious activity and unauthorized behavior. We also log access requests and usage of the platform to further facilitate security incident monitoring and response. 

In the event that a security incident is detected, the ReviewnGuide Security Team will act promptly to identify, contain, and mitigate the incident and to recover from any ill effects. We use every incident as an opportunity to improve our systems and to be proactive in mitigating future ones.

Audit

ReviewnGuide maintains a NIST-based information security management system with controls that are audited internally and externally on a regular basis. Continuous improvement is in our DNA. We are always focused on improving the processes and controls that govern our data security and privacy.

Infrastructure and Security by Design

The ReviewnGuide platform has been designed with the security of our customers’ data in mind, and a defense-in-depth approach has been adopted, which provides multiple layers of security controls to protect data each step of the way.

Data Minimization and Pseudonymization

ReviewnGuide collects only the minimum amount of data that is necessary to operate the ReviewnGuide platform and deliver our services. Data anonymization is implemented where appropriate in order to further protect it.

Data Privacy

ReviewnGuide keeps sensitive data strictly confidential, and our staff are subject to confidentiality obligations. ReviewnGuide does not permit any person who is not under such a duty of confidentiality to process sensitive data.