Last Updated May 29, 2020
Protecting the privacy and integrity of your data is an absolutely critical priority for us. We have taken a number of steps to demonstrate and execute on this commitment. PowerReviews complies with GDPR and CCPA guidelines.
Control of Processing
PowerReviews customers have control over the types of data that PowerReviews can collect and access on their behalf. All sensitive data is always treated with the utmost care. PowerReviews complies with data protection laws and principles outlined in the General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”), which means that PowerReviews data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes and not used in any way that is incompatible with those purposes.
- Accurate and kept up to date.
- Maintained only for as long as necessary.
- Kept securely and protected against unauthorized or unlawful processing and against loss or destruction using appropriate technical and organizational measures.
Access Control and Authentication
PowerReviews uses industry best practices for authentication and authorization. Further, data access is governed by the principle of least privilege, and strict controls are in place to limit access.
Encryption and Data Protection
PowerReviews follows industry best practices to deploy encryption for data in transit and at rest, to ensure that data is protected at all times.
PowerReviews conducts regular assessments on critical systems with the intent of finding system and application vulnerabilities. This proactive approach to security allows PowerReviews to mitigate weaknesses before they are attacked.
PowerReviews is committed to ensuring digital accessibility for individuals with disabilities. PowerReviews conforms to Section 508 / Web Content Accessibility Guidelines (WCAG 2.1) level AA.
Breach Detection and Response
PowerReviews uses a managed solution for safeguarding applications running on our platform and a threat detection service that continuously monitors for malicious activity and unauthorized behavior. We also log access requests and usage of the platform to further facilitate security incident monitoring and response.
In the event that a security incident is detected, the PowerReviews Security Team will act promptly to identify, contain, and mitigate the incident and to recover from any ill effects. We use every incident as an opportunity to improve our systems and to be proactive in mitigating future ones.
PowerReviews maintains a NIST-based information security management system with controls that are audited internally and externally on a regular basis. Continuous improvement is in our DNA. We are always focused on improving the processes and controls that govern our data security and privacy.
Infrastructure and Security by Design
The PowerReviews platform has been designed with the security of our customers’ data in mind, and a defense-in-depth approach has been adopted, which provides multiple layers of security controls to protect data each step of the way.
Data Minimization and Pseudonymization
PowerReviews collects only the least amount of data that is necessary to operate the PowerReviews platform and deliver our services. Data anonymization is implemented where appropriate in order to further protect that data.
PowerReviews keeps sensitive data strictly confidential, and our staff are subject to confidentiality obligations. PowerReviews does not permit any person who is not under such a duty of confidentiality to process sensitive data.