Trust Center

Security at Relevize

Security is built into the fabric of our products, team, infrastructure, and processes, so you can rest assured your data is safeguarded.

  • Compliance

    Last updated Mon, Apr 11, 2022
    • CCPA

      Relevize maintains compliance with privacy regulations such as the California Consumer Protection Act (CCPA). Relevize maintains a Privacy Notice, internal policies, and other technical and organizational measures to ensure compliance with CCPA.

    • GDPR

      Relevize maintains compliance with privacy regulations such as the E.U. General Data Protection Regulation (GDPR). Relevize maintains a Privacy Notice, internal policies, and other technical and organizational measures to ensure compliance with GDPR.

    • SOC 2 Type II

      Relevize successfully completed its most recent SOC 2 Type II audit in February 2022. The final audit report is available for request on our Resources Page.

  • Product Security

    Last updated Tue, Apr 12, 2022
    • Multi-Factor Authentication

      Multi-Factor Authentication can be enabled within Relevize upon request.

  • Data Security

    Last updated Tue, Mar 22, 2022
    • Data Encrypted At-Rest

      The Relevize platform encrypts data at rest. All data is stored in the Google Cloud Platform (GCP) and is encrypted using the 256-bit Advanced Encryption Standard (AES-256), or better, with symmetric keys. That means that the same key is used to encrypt the data when it is stored and to decrypt it when it is used. Our encryption keys are stored in a secure (encrypted) keystore and changed regularly.

    • Data Encrypted In-Transit

      Data within the Relevize platform is encrypted in transit within the cloud. This means that when the backend components of our app communicate, they transmit via an encrypted channel. Further, when users interact with the Relevize platform, all communication is encrypted via SSL/TLS certificates.

  • Privacy

    Last updated Mon, Apr 11, 2022
    • Privacy Policy

      Relevize maintains a Privacy Notice on its website.

    • Data Retention Policy

      Relevize maintains a Data Retention and Destruction Policy which outlines retention and destruction procedures and schedules for all systems.

      Relevize only preserves data for as long as it is needed to serve its users and no longer, unless required as part of a contractual or legal obligation.

    • Data Processing Addendum

      Relevize maintains a standard Data Processing Addendum that can be executed upon request. Relevize's DPA is available for request on our Resources Page.

    • Data Removal Requests

      Individuals may have their personal data erased from Relevize's data storage systems in accordance with CCPA and GDPR. To request data be erased, please contact [email protected].

  • Incident Management & Response

    Last updated Tue, Mar 22, 2022
    • Data Breach Notification

      Relevize maintains a comprehensive data breach notification policy that describes how users, partners, regulatory bodies, and other parties are notified of an unauthorized disclosure of data.

    • Incident Response Plan (IRP)

      Relevize maintains incident response policies and procedures that ensure that all employees can report security incidents in areas including (but not limited to) cybercrime, data loss, and service outages.

      A detailed incident response plan exists for how members of the Relevize security team respond to incidents.

      Relevize tests its incident response plan on a periodic basis to ensure that it is sufficient and up to date.

  • Availability & Reliability

    Last updated Tue, Mar 22, 2022
    • Denial of Service (DoS) Protection

      Relevize leverages Cloudflare to provide best-in-class protection against DDoS attacks.

    • Infrastructure Redundancy

      Relevize maintains its platform in the Google Cloud Platform (GCP). GCP maintains infrastructure redundancy across its data centers in order to decrease the risk of systems failure.

    • Quality Assurance Testing

      Relevize performs integration, smoke, and acceptance testing of all release candidates before deployment.

    • Service Monitoring

      Relevize performs service monitoring in order to evaluate the health and security of its systems residing within the Google Cloud Platform (GCP). Systems are configured to collect logs and telemetry and alert Relevize team members of any outages, anomalies, or security events.

  • Organizational Security

    Last updated Tue, Mar 22, 2022
    • Confidentiality Agreements

      All Relevize personnel are required to sign a Non-Disclosure Agreement (NDA) prior to onboarding.

    • Employee Background Checks

      Relevize performs employee background checks on all employees using a third-party background check vendor.

    • Employee Security Training

      All Relevize employees undergo security awareness training on a periodic basis.

    • Employee Workstations Encrypted

      Most of Relevize's company information is securely stored in cloud systems and is not resident on individual hard drives. For employees that must have local copies of information (such as software engineers working with code on their local machine), volume encryption is enforced.

    • Limited Employee Access (Principle of Least Privilege)

      Relevize only provides access to team members as needed based on their job role. No employee is permitted to have access to a system unless explicitly authorized for a legitimate business purpose.

    • Personnel Screening

      All Relevize personnel are screened prior to hire using the company's hiring process.

    • Physical Access Control

      The Relevize platform resides in the Google Cloud Platform (GCP). GCP maintains physical and environmental access controls for their data centers.

    • Secure Remote Network Access

      Relevize system administrators seeking privileged access to the underlying network must authenticate to either the Google Cloud Platform (GCP) using username, password and MFA, or to a secure VPN using a username and private key.

  • Business Continuity

    Last updated Tue, Mar 22, 2022
    • Disaster Recovery Plan

      Relevize maintains its platform in the Google Cloud Platform (GCP), which maintains business continuity and disaster recovery plans for physical and environmental threats.

      For all other scenarios, Relevize maintains its own disaster recovery plan to ensure that it can recover its infrastructure following a disruption resulting from a disaster. The plan is maintained and reviewed at least annually and after any significant changes to the system. The plan is tested annually to ensure ongoing suitability.

    • Data Backups

      Relevize maintains backups and redundancy for all important data, including user data, associated with its platform. Backup restorations are attempted on a periodic basis to ensure that the backup system is functioning properly.

  • Infrastructure

    Last updated Tue, Mar 22, 2022
    • ISO 27001 - Data Center

      Relevize's platform is hosted in the Google Cloud Platform (GCP). GCP data centers are ISO 27001 certified.

    • SOC 1 - Data Center

      Relevize's platform is hosted in the Google Cloud Platform (GCP). GCP data centers are SOC 1 compliant.

    • SOC 2 - Data Center

      Relevize's platform is hosted in the Google Cloud Platform (GCP). GCP data centers are SOC 2 compliant.

    • SOC 3 - Data Center

      Relevize's platform is hosted in the Google Cloud Platform (GCP). GCP data centers are SOC 3 compliant.

  • Threat Management

    Last updated Tue, Mar 22, 2022
    • Penetration Testing

      Penetration testing on the Relevize platform is conducted once per year by an external firm.

    • Vulnerability Scanning

      Relevize performs vulnerability scanning of its environment on a periodic basis using a variety of tools.

      Relevize's platform is hosted in the Google Cloud Platform (GCP). GCP uses its own vulnerability scanning tools for its own network, server, operating system and application infrastructure.