Trust Centre

RiskBase is committed to security, compliance and privacy. This page details of our compliance processes, certificates and subprocessors.

Privacy

• Privacy Policy The business maintains a comprehensive and easily accessible privacy policy on its website. This policy transparently describes what user data is collected, how it's used, stored, and shared.
• Consent Mechanisms Clear opt-in mechanisms are provided for data collection, ensuring users explicitly agree to the collection and processing of their data.
• Data Usage Transparency Users are informed about the specific purposes for which their data is collected. Any changes to data usage or policy are communicated clearly and in a timely manner.
• User Rights The business respects user rights, including the right to access, rectify, and erase their personal data upon request.

Security

• Encryption and Secure Protocols The website employs HTTPS encryption to secure data transmission. Additionally, robust encryption methods are used to protect sensitive information.
• User accounts Passwordless option requires email authentication on sign in. Minimum password requirements are enforced. Accounts are locked following ten incorect password attempts. Two factor authentication (2FA) is available.
• Regular Software Updates The business regularly updates its software, applications, and plugins to patch vulnerabilities and maintain a secure environment.
• Access Controls and Monitoring Access to sensitive data is restricted to authorized personnel only. Continuous monitoring and logging of system activities help in detecting and responding to potential security threats promptly.
• Incident Response Plan A well-defined incident response plan is in place to address and manage any security breaches effectively. This plan includes procedures for reporting incidents to the appropriate authorities.

Compliance

• GDPR Compliance The business adheres to GDPR regulations by obtaining explicit consent for data processing, offering easy opt-out options, and respecting user rights. It stays updated with evolving GDPR guidelines and complies with ICO registration requirements if handling personal data.
• Legal Compliance Apart from GDPR, the business ensures compliance with other relevant data protection laws and regulations applicable in the UK or internationally.

Data Management

• Data Minimization The business practices data minimization by collecting only necessary user data required for legitimate purposes.
• Data Storage and Backups User data is securely stored using reliable and encrypted storage systems. Regular backups are conducted to prevent data loss.
• Access Control and Training Access to user data is strictly limited to authorized personnel. Staff members are trained in data handling procedures and privacy policies.

Regular internal audits and reviews are conducted to assess the effectiveness of these practices and make necessary adjustments in response to changing regulations or technological advancements. Additionally, the business ensures that its suppliers or third-party service providers also adhere to similar high standards of privacy, security, compliance, and data management.

Resources

Terms, Conditions, Privacy

• Terms, conditions and privacy policy.

Penetration Tests

• Most recent: 13 July 2023.
• Executive Summary available upon request.

Subprocessors

Sub-processors and the GDPR

At RiskBase we take privacy and data security very seriously. The personal information we store is relatively limited but fundamentally we treat all data as private and move it around as little as possible.

There are two key roles that we undertake under the GDPR, firstly as a data controller, and secondly as a data processor. As a data controller, we hold some personal data especially that relating to our customers and users. How we manage that is explained in our Privacy Policy.

As a data processor we also process data that our customers and users create or add to the RiskBase platform. We may use sub-processors to store or manage or interact with that data. Who we employ to do that is listed below.

Hosting & Infrastructure Services

England, UK data centres provided by:

Google Cloud EMEA Limited

(Ireland co. reg. #660412) 70 Sir John Rogerson’s Quay, Dublin 2, Ireland

Cronos Internet Ltd

(UK co. reg. 08098201) 26-28 West Street, Market Square, Rochford, SS4 1AJ, England