​Our security practices

We use a combination of security best practices to safeguard our platform and protect data that belongs to our customers, reviewers and consumers.

Tip: For all the details on our security practices, download our comprehensive security paper (version 2.6) under 'Attachments' at the end of this article, or see our Cloud Security Alliance questionnaire.

Data security

At Trustpilot, we regard data security as an integral part of running an online review community.

Having adequate data security at all levels is important to us — regardless of whether we’re talking about data belonging to people who leave reviews on Trustpilot, consumers who use our platform, our customers and people we work with, or our own employees.

We start by taking responsibility

As a starting point, we use a framework of policies and processes to promote an internal company culture that understands the importance of, and prioritizes, best practices. Our policies cover areas such as privacy, information security and confidentiality, data preservation and recovery, data incidents, ethics and anti-bribery.

Our policy framework is backed up by ongoing development and Trustpilot-specific training that’s created in-house and rolled out regularly. Training is delivered globally within Trustpilot via a combination of classroom and e-learning and includes topics core to safeguarding data and keeping it private.

A range of safeguards

Key safeguards for our infrastructure, and checks to help us store data securely, include:

  • employing strong passwords,
  • limiting access to our segregated networks,
  • using encryption to transfer data,
  • putting in place appropriate firewall and antivirus protection, and
  • doing regular backups of our information which is then stored securely.

Our servers are hosted by Amazon Web Services, which offers us a high level of security, privacy and segregation while also allowing us ample availability to it. We make sure changes to our products and services are thoroughly tested for robustness before implementation, and we run a bug bounty program to root out and address vulnerabilities.

To keep our offices and physical hardware secure, we limit entry to our locations to keycard access and for guests, registration and approval. We’re also careful with any equipment that we upgrade or replace — it is disposed of following a strict procedure that ensures data is deleted.

Review invitations

For businesses that work with us to send out review invitations, we offer a range of invitation methods to suit their needs. We safeguard personal data shared with us and comply with data regulations — including the EU’s General Data Protection Regulation (GDPR). Our GDPR-compliant data processing agreement (DPA) describes how we process personal data on behalf of the businesses that use our review invitation services.

Our security questionnaire

To help businesses understand our security practices, we've completed a Cloud Security Alliance questionnaire. You can download it here.

Trustpilot’s security team

Our work on security is coordinated and overseen by our security team. Among others, this group brings together professionals from top management, technical experts who work day-to-day with our products and services, and specialists in data protection and information security.

If you have questions about security, you can contact our team by email at: privacy@trustpilot.com