At Trustpilot, we work hard to keep everyone’s data safe. We want our users to be confident in the knowledge that we’re serious about protecting people’s personal information.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law, which came into effect in May 2018. It requires businesses across the EU and globally to strengthen and unify data protection for all individuals within the EU.
Naturally, inviting people to write reviews and share their experiences involves the exchange of information. We strive to be as transparent as possible about the processes we have in place to store, process and protect personal data.
For businesses using Trustpilot
If you’re a business that works with reviews, you’re welcome to download our white paper on Trustpilot and the GDPR (see below — scroll down to Attachments). This paper provides an overview of some of the most important issues to consider in making sure you also meet the GDPR's requirements.
Data Processing Agreement
You can also view Trustpilot’s GDPR-compliant Data Processing Agreement (DPA) that regulates how we process data on behalf of companies, and ensures we do it in a compliant way. This is available on our website, together with an overview of the data sub-processors we use.
Security practices for Trustpilot review invitation services
Is Trustpilot a data processor or data controller?
To help you understand when we act as a data controller and when we’re a data processor under the GDPR, please refer to this infographic.
Questions about data privacy?
Pursuant to the GDPR, Trustpilot has a Data Protection Officer.
If you’ve got questions on data security and protection, you’re welcome to get in touch with our Privacy Team and Data Protection Officer by emailing us at firstname.lastname@example.org.
Previous Security at Trustpilot