your trust is everything.

RiseSmart has implemented policies to fully comply with data protection and privacy requirements set forth for all citizens of the European Union and the European Economic Area. The EU General Data Protection Regulation (GDPR) assures that the proper framework is in place to keep personally identifiable information secure and is designed to harmonise data privacy laws across Europe to protect and empower the data privacy of all EU citizens.

RiseSmart has implemented policies to comply with data protection requirements set forth in the California Consumer Privacy Act (CCPA), which enhances privacy rights and consumer protections for California residents by providing them with the right to control how their personal information is collected and shared.

TRUSTe Privacy seal verification.

Privacy Shield attestation.

The EU-US and Swiss-US Privacy Shield frameworks provide a mechanism to comply with data protection requirements when transferring personal data from the EU and Switzerland to the United States. RiseSmart is certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield and we employ standard contractual clauses. While a 2020 European court ruling declared the EU-US Privacy Shield Framework invalid, the US Federal Trade Commission continues to support the Privacy Shield framework and expects companies to comply with their ongoing obligations with respect to transfers made under the Privacy Shield Framework.

To ensure that customer data is secure from cybersecurity breaches, RiseSmart tests for potential vulnerabilities on a recurring basis. We run static code analysis and application and infrastructure vulnerability scans. We also do the ethical disclosure of the vulnerability scan reports to inform our customers of potential risks.

RiseSmart leverages third-party penetration testing resources to test the RiseSmart service application and internal networks. This authorised, simulated cyberattack allows us to evaluate system security and implement necessary remediation actions.

To ensure that our platform remains secure, we invite select researchers into our bug bounty programme to find and report any security issues, which are then fixed immediately.

We encode customer data using the AES-256 encryption standard at RDS level for data at-rest and in-transit based on the NIST framework. TLS 1.2 (based on IETF standards) is used for protecting the transmission of all sensitive information.

Our system has role-based access control mechanisms. Data is accessible only to authorised users who have the appropriate level of access on a need-to-know basis. We implement role-based access management using AWS IAM user, group and role policies.

To ensure the security of customer data stored on location, RiseSmart products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, data access controls and video surveillance.

We use database replication and periodic snapshots to avoid data loss. Backups are tested as part of business continuity and disaster recovery plan testing.

Strict security checkpoints govern every step of our development life cycle from design to coding, testing and deployment. Our internal security team works with independent, external security researchers to validate our software security.

RiseSmart conducts an initial risk assessment of service providers to ensure their security practices are industry-standard. For vendors with whom we exchange sensitive data elements, the standard Data Processing Agreement is signed.

RiseSmart provides information security and privacy training as part of our new employee onboarding. We hold an Information Security Week annually to recertify employees on our privacy training and to raise awareness of our security policies and work guidelines.

Our legal and privacy processes and controls address requirements such as roles and responsibilities, policies and procedures, data inventory and life cycle, data protection and security, risk assessment, consent, and managing data subject requests, third-party management and incident response.

RiseSmart has a DSAR request form that users may complete to opt out, delete or update their data, or file a complaint. The form can be found here.

RiseSmart respects the right to privacy. Users can choose to restrict certain types of cookies from the Privacy Preference Center. Our cookie policy can be found here.

We respect your privacy rights and value your trust. This privacy notice describes how we collect, receive, use, store, share, transfer and process your personal information, as well as your rights in determining what we do with the information that we collect or hold about you. Our privacy policy can be found here.