Effective as of September 28, 2016
Applause App Quality, Inc. (“Applause”, “we”, “us” and “our”) has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses the information gathering and dissemination practices for this website Applause.com and any services we provide through this website. This privacy statement covers the collection, treatment and use of any personal information gathered by Applause from our customers, job applicants and visitors to our websites (hereafter referred to as a “you”, “your”, “user” and “users”). This privacy statement does not apply to third parties and their actions that we do not own or control, including, but not limited to, any third party websites, services and applications that you elect to access through our websites.
Information collected for website visitors
For each visitor to the Applause.com website, our web server automatically recognizes the user’s IP address, but not the e-mail address. Applause collects only the IP address, but not the e-mail address, of users to our website, aggregate information on what type of pages users access or visit, and information volunteered by the user.
The information we collect is used to provide you with and improve the content of our website and services.
The information we collect is not shared with other third party organizations for their own commercial purposes.
Information collected from customers
When you register on, and further use services provided through our website, we request certain information, including your email address, log-in details, phone number and location. Applause does not share any of such information with any third party person or entity for their own commercial purposes.
The information you provide is used to:
- provide you with our services;
- from time to time in accordance with applicable law, contact you for market research or to provide you with marketing information we think would be of particular interest.
If you supply us with your postal address online you will only receive the information for which you provided us your address. If you provide us with your telephone number on-line because you are interested in our services, we will only call you regarding your interest or your actual order.
Information collected for job applicants
To process and review your job application, we will request you to provide us with your name, email, resume and cover letter when you apply through the website. If you are invited for an interview, we may also store and process any further information you provide us during the interview process for the same purposes.
We collect non-identifying, general, generic and aggregate information to better design our web site and services. We may share the aggregate and anonymous data with other third parties.
Except as set out in this policy, we will provide you with notice and give you the right to opt out if your personal information is to be disclosed to a new third party controller or to be used for a purpose materially different from the purpose for which it was originally collected or subsequently authorized by you.
Upon request we will provide you with access to and/or the opportunity to correct all information that we maintain about you. We will respond to you within the time period required by applicable laws, and in any event within 45 days of receiving your request.
3. Onward Transfer
4. DATA TRANSFERS – Privacy Shield and U.S.-Swiss Safe Harbor framework
The Information that we collect from you may be transferred to, and stored at, a destination outside of your country and the European Economic Area (“EEA”) and, in particular, the US, which may have different or less protective privacy laws than those in your country.
Applause complies with the U.S.-E.U. Privacy Shield framework and U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member states and Switzerland:
- Applause also complies with the U.S. – Swiss Safe Harbor framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from Switzerland. Applause has certified that it adheres to the U.S. – Swiss Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Applause’s certification, please visit https://safeharbor.export.gov/companyinfo.aspx?id=29270.
Applause commits to resolve complaints about your privacy and our collection or use of your personal information. Where you have a complaint regarding our collection, storage, or use of your personal information, you may make a complaint to Applause as follows:
- For Applause customers: please contact your assigned Project Manager directly and report the incident via email to email@example.com
- For uTest testers: please contact your assigned Community Manager and report the incident via email to firstname.lastname@example.org
- For all others: please contact your primary contact at Applause or email@example.com, 100 Pennsylvania Ave., Framingham, MA 01701
We will respond to you within 45 days of receiving your request.
If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Applause, Applause has further committed to refer unresolved privacy complaints or disputes under the U.S. – E.U. Privacy Shield Principles and the U.S.-Swiss Safe Harbor Framework to the BBB EU Safe Harbor/Privacy Shield, which is an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. Please visit the BBB EU Safe Harbor/Privacy Shield website at http://www.bbb.org/EU-privacy-shield/bbb-eu-safe-harbor-dispute-resolution/ for more information and to file a complaint.
If your dispute or complaint cannot be resolved by Applause or by the independent dispute resolution mechanism listed above, you may, under certain conditions, have the right to seek recourse through binding arbitration before the Privacy Shield Panel of the U.S. Department of Commerce and the European Commission.
Effective as of August 22, 2016
Applause’s Security Philosophy: Our Commitment to You
As a provider of software and services for many users on the Internet, Applause recognizes the importance of effectively and continuously protecting user security. We understand that secure products are instrumental in sustaining the trust that you place in our products and services, and we strive to create innovative products serve your needs and operate in your best interests. The security of your personal information is important to us; please be assured that we have adequate security measures in place to protect and secure end user information.
A Shared Security Responsibility Environment
We have designed our products to be flexible, scalable, and robustly configurable to our users and the needs of our user organizations. This means that, at the application level, access restrictions, account delegation, user rights and the implementation of additional security controls are often left to the discretion of our end users. While we commit to securing the underlying system architecture, code, and the information we collect, we trust our users to share the responsibility of securing access to data that is ultimately placed in their respective product instances. This includes all data entered through the Platform interface into the instance, the user accounts you provision to access your instance(s), and the associated user roles and groups that enable various access-levels of those users. For this reason, we recommends that users of the Platform maintain sufficient controls to provide reasonable assurance of the following standards:
- Protect access to your account: Access to the Applause Platform should be restricted to authorized users, and user names and passwords should be kept confidential.
- Protect the integrity of your data: Users are responsible for the accuracy, quality, integrity and legality of information entered into accounts and for the quality and performance of the Platform with respect to user-configurations of accounts.
- Report security vulnerabilities: Users are responsible for reporting issues and incidents related to information security, and following up on the status of those issues to ensure they are resolved, in accordance with the process outlined below.
Need to Report a Security Vulnerability?
If you believe you have found a security vulnerability within any of Applause’s product offerings, we encourage you to let us know right away.
If you are an Applause Platform customer and have a security issue to report regarding your personal account, or have discovered a vulnerability in an Applause product, please contact your assigned Project Manager directly or report the incident via email to firstname.lastname@example.org.
If you are an Applause Community member and have a security issue to report regarding your personal Applause account, or have discovered a vulnerability in an Applause product, please contact your assigned Community Manager and report the incident via email to email@example.com.
Applause takes security issues seriously and will respond swiftly to fix verifiable security issues. Some of the components that make up the Applause Platform are complex and take time to update. When properly notified of legitimate security issues, Applause personnel will do their best to acknowledge your emailed report, assign resources to investigate the issue and mitigate potential problems as efficiently and effectively as possible.
Overview of Platform Security Controls
We offer a variety of services and solutions through our software-as-a-service cloud offering to customers and community testers, including dashboard analytics, reporting, test services execution, test cycle management, and test cycle analytics. We have designed our Information Security (“InfoSec”) Program around supporting security of the core application, infrastructure, and data components that support our core testing service offerings (“the Platform”). The InfoSec Program and its underlying policies apply to all users of the Applause Platform, including all employees, customers, community testers and other third parties.
Applause provides a host of advanced functionality to secure the Platform including role-based access, strong connection encryption, robust password policies and more. Applause adds further layers of security, such as application-only access, to provide users complete confidence in the Platform and their data.
Applause employs stringent, 24/7 monitoring tools, controls, policies and procedures to ensure that it provides the strongest security for its users.
Key benefits and features of Applause’s commitment to security include:
- Role-level Access & Idle Disconnect: Role-based access control ensures users can only use data and Platform functionality that is related to their specific responsibilities, as dictated by their account administrator. Additionally, Applause automatically locks the Platform when idle connections are detected to prevent unauthorized access. Finally, the Platform natively provides a complete audit trail to ensure changes within a user account or customer instance are tracked with user login details and timestamp.
- Physical Access: Applause leverages a third party provider to provide physical access security to the Platform infrastructure. All data center access is limited to data center technicians and approved Applause staff.
- Strong SSL Encryption: Applause provides SSL encryption for user login and all subsequent data.
- Application-Only Access: Applause ensures that external users of the Platform can only access the application, not the underlying database.
- Employee Access: No Applause employees, partners, or contractors ever access private customer repositories or accounts unless required through our standard service obligations or for specific support reasons. When working a support issue, we do our best to respect your privacy and the security of your data as much as possible; we only access the files and settings as required through the resolution of your issue.
- Strong Password Policies: Applause provides various password policies to prevent unauthorized access to user accounts, including minimum password length and complexity requirements, password repetition controls, and automatic lock-out after unsuccessful login attempts.
- Continuous Security Monitoring: Applause employs intrusion detection systems to identify malicious traffic attempting to access the Platform network. Any unauthorized connection attempts are logged and appropriately investigated. Applause also employs numerous performance and utilization monitoring solutions for the Platform infrastructure.
- Risk Management: Enterprise-grade anti-virus software guards against Trojans, worms, viruses, and other malware from affecting the Platform and its underlying components. Encryption is required on all removable media (employee laptops, thumb-drives, etc.) that contains or has access to sensitive Platform data.
- Separation of Duties: Job responsibilities are separated, and mandatory employee reference checks are employed at all levels of Applause operations. Applause tracks and maintains any and all exceptions to standard segregation of duties policies and associated access permission changes.
- Communication: Applause maintains robust communication protocols and procedures to ensure that all policy and system changes that impact security are timely communicated to Platform users through the application interface. In the event emergency communication is needed, Applause also supports alternative methods of communication to users, including email notifications and alerts.