SOC 2 Type II Certification
Regular vulnerability scans on systems
Frequent third party penetration testing
Information and communication
Industry-standard secure transport protocols
Data Loss Protection integrations
SSL Encryption for customer data
Data access and authorizations based on the principle of least privilege
Mandated strong passwords with audit logging that allows administrators to see when users last logged in and when passwords were last changed.
Restricted access to the AWS production system to authorized personnel, carried out using encrypted connections with multiple factors of authentication
Business Continuity and Disaster Recovery Plan
Code of Conduct
Human Resource Security
Third Party Management
AllVoices uses multiple security measures to ensure the safety of your data. Any data entered into AllVoices is fully secured using Advanced Encryption Standard (AES-256). All access to AllVoices is restricted, monitored, and logged.
AllVoices uses industry-standard PostgreSQL and object storage systems hosted on AWS, in the United States.
Company Information is retained for the periods of time specified in the Record Retention Matrix. As soon as reasonably practicable after there is no longer a business need for maintaining Company Information, and the information is not subject to a legal hold, AllVoices disposes of the information in accordance with best practice disposal requirements.
In order to submit employee reports, we ask for a mobile phone number. We do this so we can prevent bots and spam. This also enables the employee’s company to follow up with them. As soon as we receive the user’s phone number, we encrypt it and assign each report a unique Report ID. Through our anonymous messaging portal, the company can follow up with reporters after they submit the report. Once the company sends a message to the reporter, AllVoices sends them a text message notification encouraging them to visit the portal to respond to the company.