SOC 2 Type II Certification
GDPR Compliance
CCPA Compliance
Regular vulnerability scans on systems
Frequent third party penetration testing
Control environment
Risk assessment
Control activities
Information and communication
Monitoring
Industry-standard secure transport protocols
Data Loss Protection integrations
Asset Management
SSL Encryption for customer data
Data access and authorizations based on the principle of least privilege
Mandated strong passwords with audit logging that allows administrators to see when users last logged in and when passwords were last changed.
Restricted access to the AWS production system to authorized personnel, carried out using encrypted connections with multiple factors of authentication
Acceptable Use
Access Control
Asset Management
Business Continuity and Disaster Recovery Plan
Change Management
Code of Conduct
Cryptography
Data Management
Human Resource Security
Incident Response
Information Security
Operations Security
Password
Privacy
Risk Management
Secure Development
Third Party Management
AllVoices uses multiple security measures to ensure the safety of your data. Any data entered into AllVoices is fully secured using Advanced Encryption Standard (AES-256). All access to AllVoices is restricted, monitored, and logged.
AllVoices uses industry-standard PostgreSQL and object storage systems hosted on AWS, in the United States.
Company Information is retained for the periods of time specified in the Record Retention Matrix. As soon as reasonably practicable after there is no longer a business need for maintaining Company Information, and the information is not subject to a legal hold, AllVoices disposes of the information in accordance with best practice disposal requirements.
In order to submit employee reports, we ask for a mobile phone number. We do this so we can prevent bots and spam. This also enables the employee’s company to follow up with them. As soon as we receive the user’s phone number, we encrypt it and assign each report a unique Report ID. Through our anonymous messaging portal, the company can follow up with reporters after they submit the report. Once the company sends a message to the reporter, AllVoices sends them a text message notification encouraging them to visit the portal to respond to the company.