Back to Guidelines
For Businesses

Data Processing & Security Commitments

Our commitments to data processing and security for business data on Your.Reviews.

Last updated: 12 November 2024

Introduction

Your.Reviews is committed to protecting the security and privacy of business data. This document outlines our data processing and security commitments.

Data We Process

We process the following business data:

  • Business profile information (name, address, contact details)
  • Product information and listings
  • Review data and responses
  • Analytics and usage data
  • Team member information
  • Billing and payment information

Security Measures

Encryption

  • Data encrypted in transit using SSL/TLS
  • Data encrypted at rest using industry-standard encryption
  • Secure password hashing (bcrypt with 10 rounds)
  • Encrypted database connections

Access Controls

  • Role-based access control (RBAC) for team members
  • Multi-factor authentication available
  • Regular access audits and reviews
  • Principle of least privilege access

Infrastructure Security

  • Secure cloud hosting with reputable providers
  • Regular security updates and patches
  • Firewall and intrusion detection systems
  • DDoS protection and mitigation
  • Regular security audits and penetration testing

Data Processing

Purpose of Processing

We process business data to:

  • Provide and maintain our services
  • Process transactions and manage subscriptions
  • Analyze usage patterns and improve services
  • Comply with legal obligations
  • Prevent fraud and abuse

Data Retention

  • Business data retained while account is active
  • Data retained for 90 days after account cancellation
  • Some data may be retained longer for legal compliance
  • Review data may be anonymized but retained for platform integrity

Third-Party Services

We use trusted third-party services for:

  • Payment processing (Stripe)
  • Email services (SendGrid)
  • Cloud hosting and infrastructure
  • Analytics and monitoring

All third-party services are required to meet our security standards. See our Approved Subprocessors List for details.

Incident Response

In the event of a security incident:

  • We will investigate immediately
  • We will notify affected businesses within 72 hours
  • We will take steps to mitigate the impact
  • We will comply with applicable breach notification laws
  • We will provide regular updates on the incident

Compliance

We comply with:

  • Australian Privacy Principles (APPs)
  • General Data Protection Regulation (GDPR) where applicable
  • California Consumer Privacy Act (CCPA) where applicable
  • Industry best practices and standards

Your Responsibilities

Businesses are responsible for:

  • Maintaining secure account credentials
  • Managing team member access appropriately
  • Not sharing account credentials
  • Reporting security concerns immediately
  • Complying with applicable data protection laws

Data Export and Deletion

You can:

  • Export your business data at any time
  • Request deletion of your account and data
  • Request correction of inaccurate data
  • Object to certain data processing activities

Contact

For security concerns or data protection questions, contact us at [at] .

Related Pages

← Back to Guidelines
Privacy Policy|Terms & Conditions