Security

Protecting customer data is our top priority. We understand that you are trusting us with your data and we take the responsibility of securing it very seriously.

GDPR

GDPR Compliance
We're fully GDPR compliant. We are based in the EU ourselves and have worked through and verified the details of our GDPR implementation with many large European companies who trust us with their customer data.

Consent and Weighing of Interests
If you want, individuals can be required to give consent to the processing of their personal data. The request for consent should be given in clear and plain language, and consent can be withdrawn later. Usually this takes place before the individual and his/her data ends up on Trustvoice's platform, but Trustvoice can help manage this process by storing a record of consent, including which version of the terms the user gave consent to, and asking for additional consent when necessary. Trustvoice makes it easy for users to opt out of additional processing and communication. Many customers will apply GDPR's weighing of interests for the common use cases.

Breach Notification
Trustvoice will notify its customers without undue delay when it becomes aware of a data breach relating to individual data or other sensitive data. Trustvoice will also notify the supervisory authority and data subjects in accordance with relevant regulations.

Right to Access
Under GDPR, individuals can get access to the personal data stored about them free of charge. Trustvoice is compliant and can either manage the direct contact with individuals or provide the data through the data controller.

Data Erasure
GDPR also entitles individuals to have his/her personal data erased. Again, Trustvoice implements this either with direct contact or through the data controller.

Data Minimisation and Privacy By Design
Trustvoice allows fine-grained control over how data is automatically deleted or anonymized.

Granular access control
We provide multiple user roles with different permission levels within the platform. It's possible to assign roles that limit visibility of Personally Identifiable Information (PII).

DPA
We have a standard Data Processor Agreement, but are happy to sign custom versions for enterprise customers.

Infrastructure

Trustvoice architecture
The Trustvoice platform is designed to be secure and reliable.

Amazon AWS
Our application is hosted and managed within Amazon Web Services (AWS) secure data centers in Stockholm, Sweden. These data centers have been accredited under ISO 27001, SOC 1, SOC 2 and other standards. We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system.

For production servers, Trustvoice follows the AWS best practices as described by AWS Security and Securing EC2.

For more information about AWS security and compliance, see their AWS Cloud Compliance documents.

Data and Encryption

Backup
We maintain secure backups of important data and perform regular backup restoration tests.

Encryption
Any restricted data is encrypted and/or stored in highly secure facilities.

HTTPS
All our web and API traffic is served over HTTPS. We redirect users from HTTP to HTTPS.

File and feed transfers
SFTP is used for non-HTTPS file transfers.

Policies

Policies and controls
Trustvoice has developed best-practice security policies covering a range of topics. These policies are kept up to date and shared with employees. Trustvoice is planning to implement and get certified under ISO 27001.

Business continuity
Our Business Continuity Plan is kept up to date and covers disruptions to our office, infrastructure and platform.

Confidentiality
All employees have signed a confidentiality agreement with Trustvoice.

Training
All employees complete security awareness training and code of conduct training on a regular basis.

Disclosure
If you have any concerns or discover a security issue, please email us at security@testfreaks.com and we will quickly investigate.