Security & Data Protection

data security at AllVoices

View Data Sheet
Leading Companies Trust AllVoices

Compliance

AllVoices administers audits and maintains various certifications to ensure compliance with industry best practices. Our compliance with the below globally recognized standards and codes of practice demonstrates our commitment to data security:

SOC 2 Type II Certification

GDPR Compliance

CCPA Compliance

Regular vulnerability scans on systems

Frequent third party penetration testing

Controls

AllVoices maintains the following control framework to meet our commitment to security. This framework includes the following aspects.

Control environment

Risk assessment

Control activities

Information and communication

Monitoring

Protection

AllVoices uses enterprise-grade protection mechanisms to keep your data and information safe. These mechanisms include the following.

Industry-standard secure transport protocols

Data Loss Protection integrations

Asset Management

SSL Encryption for customer data

Data access and authorizations based on the principle of least privilege

Mandated strong passwords with audit logging that allows administrators to see when users last logged in and when passwords were last changed.

Restricted access to the AWS production system to authorized personnel, carried out using encrypted connections with multiple factors of authentication

Procedures

AllVoices has developed and maintains strict procedures to protect data and information. Procedures are documented and updated to help ensure personnel are informed and equipped to perform their duties to preserve the security of the platform and service data. These procedures are outlined in the following policies, which are revised and re-approved annually as part of its SOC2 certification.

Acceptable Use

Access Control

Asset Management

Business Continuity and Disaster Recovery Plan

Change Management

Code of Conduct

Cryptography

Data Management

Human Resource Security

Incident Response

Information Security

Operations Security

Password

Privacy

Risk Management

Secure Development

Third Party Management

System Components

AllVoices uses Amazon Web Services (AWS) facilities to provide compute power, storage, and other infrastructure hosting services. Amazon provides an extensive list of compliance and regulatory assurances, including SOC II and ISO 27001. See Amazon’s compliance and security documents for more detailed information.

Data Security

AllVoices designs its processes and procedures to meet our security objectives. These objectives are based on the service commitments that AllVoices makes to our clients and the financial, operational, and compliance requirements that AllVoices has established for the platform. Security commitments to user entities and customers, and a description of the platform, are documented within, maintained, and communicated through the AllVoices online Privacy Policy to ensure that everyone clearly knows their security responsibilities.

Security Objectives

AllVoices designs its processes and procedures to meet our security objectives. These objectives are based on the service commitments that AllVoices makes to our clients and the financial, operational, and compliance requirements that AllVoices has established for the platform. Security commitments to user entities and customers, and a description of the platform, are documented within and communicated through the AllVoices online Privacy Policy.

Frequently asked questions

What does AllVoices do to secure and protect data and sensitive information?

AllVoices uses multiple security measures to ensure the safety of your data. Any data entered into AllVoices is fully secured using Advanced Encryption Standard (AES-256). All access to AllVoices is restricted, monitored, and logged.

Where is AllVoices data stored?

AllVoices uses industry-standard PostgreSQL and object storage systems hosted on AWS, in the United States.

What can AllVoices do with my data?

Company Information is retained for the periods of time specified in the Record Retention Matrix. As soon as reasonably practicable after there is no longer a business need for maintaining Company Information, and the information is not subject to a legal hold, AllVoices disposes of the information in accordance with best practice disposal requirements.

How does AllVoices keep employee data anonymous?

In order to submit employee reports, we ask for a mobile phone number. We do this so we can prevent bots and spam. This also enables the employee’s company to follow up with them. As soon as we receive the user’s phone number, we encrypt it and assign each report a unique Report ID. Through our anonymous messaging portal, the company can follow up with reporters after they submit the report. Once the company sends a message to the reporter, AllVoices sends them a text message notification encouraging them to visit the portal to respond to the company.

We care about protecting your data. Here’s our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.