We use a combination of security best practices to safeguard our platform and protect data that belongs to our customers, reviewers and consumers.
Tip: For all the details on our security practices, download our comprehensive security paper (version 2.0) under 'Attachments' at the end of this article, or see our Cloud Security Alliance questionnaire.
At Trustpilot, we regard data security as an integral part of running an online review community.
Having adequate data security at all levels is important to us — regardless of whether we’re talking about data belonging to people who leave reviews on Trustpilot, consumers who use our platform, our customers and people we work with, or our own employees.
We start by taking responsibility
As a starting point, we use a framework of policies and processes to promote an internal company culture that understands the importance of, and prioritizes, best practices. Our policies cover areas such as privacy, information security and confidentiality, data preservation and recovery, data incidents, ethics and anti-bribery.
Our policy framework is backed up by ongoing development and Trustpilot-specific training that’s created in-house and rolled out regularly. Training is delivered globally within Trustpilot via a combination of classroom and e-learning and includes topics core to safeguarding data and keeping it private.
A range of safeguards
Key safeguards for our infrastructure, and checks to help us store data securely, include:
- employing strong passwords,
- limiting access to our segregated networks,
- using encryption to transfer data,
- putting in place appropriate firewall and antivirus protection, and
- doing regular backups of our information which is then stored securely.
Our servers are hosted by Amazon Web Services, which offers us a high level of security, privacy and segregation while also allowing us ample availability to it. We make sure changes to our products and services are thoroughly tested for robustness before implementation, and we run a bug bounty program to root out and address vulnerabilities.
To keep our offices and physical hardware secure, we limit entry to our locations to keycard access and for guests, registration and approval. We’re also careful with any equipment that we upgrade or replace — this is disposed of following a strict procedure that ensures data is deleted.
Businesses can select which option suits them best
For businesses that work with us to send out review invitations, we let them choose which of our review invitation services fits them. We offer both solutions that require businesses to share personal data about their customers with us, and options where they can keep personal data about their customers private (see an overview here).
Where businesses select an invitation method that shares personal data with us, we safeguard this information and comply with data regulations — including the EU’s General Data Protection Regulation (GDPR).
Our security questionnaire (for businesses)
To help businesses understand our security practices, we've completed a Cloud Security Alliance questionnaire. You can download it here.
Trustpilot’s security team
Our work on security is coordinated and overseen by our security team. Among others, this group brings together professionals from top management, technical experts who work day-to-day with our products and services, and specialists in data protection and information security.
If you have questions about security, you can contact our team by email at: firstname.lastname@example.org