Applause.com has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses the information gathering and dissemination practices for this Web site: Applause.com.
For each visitor to Applause.com web site, our web server automatically recognizes only the consumer’s domain name, but not the e-mail address. Applause.com collects only the domain name, but not the e-mail address of visitors to our web site, aggregate information on what pages consumers access or visit, information volunteered by the consumer, such as survey information and/or site registrations. The information we collect is used to improve the content of our web site, used to notify consumers about updates to our web site, not shared with other organizations for commercial purposes.
When you participate on the Applause.com web site, we request certain information. Applause.com does not share any of your personally identifiable or transactional information with any person or entity. No other third party receives your personally identifiable information or other transactional data except for those with whom you have transactions.
If you supply Applause.com with your postal address on-line you will only receive the information for which you provided us your address. Users who supply us with their telephone numbers on-line will only receive telephone contact from us with information regarding orders they have placed on-line.
Personally Identifiable Information-When visiting Applause.com’s or any Client’s Web site and signing up for or using Applause.com services through any Service Page, you may choose to supply Applause.com with information that identifies users personally. For Testers, this information may include name and contact information, gender, birth date, occupation and industry, shipping and billing information, behavior patterns, purchase history, and other information.
From time to time, Applause.com may use customer information for new, innovative and unanticipated uses not previously disclosed or described in our privacy notice. If our information practices change at some time in the future we will post the policy changes to the Applause.com web site to notify you of these changes and provide you with the ability to opt out of these new uses or changes. If you are concerned about how your information is used, you should check back at our web site periodically.
Companies may prevent their information from being used for purposes other than those for which it was originally collected by contacting us here to request this. Upon request we provide site visitors with access to all information [including proprietary information] that we maintain about them.
Aggregate Information–Applause.com collects non-identifying, general, generic and aggregate information to better design our Web site and services, and shares the aggregate data with advertisers and other third parties. With respect to security: Applause.com uses PayPal, which utilizes industry-standard encryption technologies when transferring and receiving Company and transaction data exchanged with our site.
Unless otherwise indicated, the information contained in this site including all images, illustrations, icons, designs and written and other materials that appear on the site are copyrights, trademarks, trade dress or other intellectual property owned, controlled, or licensed by Applause or its affiliates or are the property of their respective owners and are protected by U.S. and international copyright laws and conventions.
Accessing the Applause.com web site does not authorize Users to use any name, logo, trademark or service mark in any manner. Permission is granted to display, download and print in hard copy format other resources of the site solely for the purposes of using the site as an internal or personal business resource. None of the resources may be copied, reproduced, distributed, republished, downloaded, displayed, posted electronically or mechanically, transmitted, recorded, in any manner mirrored, photocopied or reproduced without the prior written permission of Applause.com or the applicable owner.
Applause complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Applause has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/.
- For Applause customers: please contact your assigned Project Manager directly and report the incident via email to email@example.com
- For uTest testers: please contact your assigned Community Manager and report the incident via email to firstname.lastname@example.org
- For all others: please contact your primary contact at Applause or email@example.com, 100 Pennsylvania Ave., Framingham, MA 01701
Applause has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Applause, please visit the BBB EU SAFE HARBOR web site at http://www.bbb.org/us/safe-harbor-complaints/ for more information and to file a complaint.
Effective as of August 21, 2015
Applause’s Security Philosophy: Our Commitment to You
As a provider of software and services for many users on the Internet, Applause recognizes the importance of effectively and continuously protecting user security. We understand that secure products are instrumental in sustaining the trust that you place in our products and services, and we strive to create innovative products serve your needs and operate in your best interests. The security of your personal information is important to us; please be assured that we have adequate security measures in place to protect and secure end user information.
A Shared Security Responsibility Environment
We have designed our products to be flexible, scalable, and robustly configurable to our users and the needs of our user organizations. This means that, at the application level, access restrictions, account delegation, user rights and the implementation of additional security controls are often left to the discretion of our end users. While we commit to securing the underlying system architecture, code, and the information we collect, we trust our users to share the responsibility of securing access to data that is ultimately placed in their respective product instances. This includes all data entered through the Platform interface into the instance, the user accounts you provision to access your instance(s), and the associated user roles and groups that enable various access-levels of those users. For this reason, we recommend that users of the Platform maintain sufficient controls to provide reasonable assurance of the following standards:
- Protect access to your account: Access to the Applause Platform should be restricted to authorized users, and user names and passwords should be kept confidential.
- Protect the integrity of your data: Users are responsible for the accuracy, quality, integrity and legality of information entered into accounts and for the quality and performance of the Platform with respect to user-configurations of accounts.
- Report security vulnerabilities: Users are responsible for reporting issues and incidents related to information security, and following up on the status of those issues to ensure they are resolved, in accordance with the process outlined below.
Need to Report a Security Vulnerability?
If you believe you have found a security vulnerability within any of Applause’s product offerings, we encourage you to let us know right away.
If you are an Applause Platform customer and have a security issue to report regarding your personal account, or have discovered a vulnerability in an Applause product, please contact your assigned Project Manager directly and report the incident via email to firstname.lastname@example.org.
If you are an Applause Community member and have a security issue to report regarding your personal Applause account, or have discovered a vulnerability in an Applause product, please contact your assigned Community Manager and report the incident via email to email@example.com.
Applause takes security issues seriously and will respond swiftly to fix verifiable security issues. Some of the components that make up the Applause Platform are complex and take time to update. When properly notified of legitimate security issues, Applause personnel will do their best to acknowledge your emailed report, assign resources to investigate the issue and mitigate potential problems as efficiently and effectively as possible.
Overview of Platform Security Controls
We offer a variety of services and solutions through our software-as-a-service cloud offering to customers and community testers, including dashboard analytics, reporting, test services execution, test cycle management, and test cycle analytics. We have designed our Information Security (“InfoSec”) Program around supporting security of the core application, infrastructure, and data components that support our core testing service offerings (“the Platform”). The InfoSec Program and its underlying policies apply to all users of the Applause Platform, including all employees, customers, community testers and other third parties.
Applause provides a host of advanced functionality to secure the Platform including role-based access, strong connection encryption, robust password policies and more. Applause adds further layers of security, such as application-only access, to provide users complete confidence in the Platform and their data.
Applause employs stringent, 24/7 monitoring tools, controls, policies and procedures to ensure that it provides the strongest security for its users.
Key benefits and features of Applause’s commitment to security include:
- Role-level Access & Idle Disconnect: Role-based access control ensures users can only use data and Platform functionality that is related to their specific responsibilities, as dictated by their account administrator. Additionally, Applause automatically locks the Platform when idle connections are detected to prevent unauthorized access. Finally, the Platform natively provides a complete audit trail to ensure changes within a user account or customer instance are tracked with user login details and timestamp.
- Physical Access: Applause leverages a third party provider to provide physical access security to the Platform infrastructure. All data center access is limited to data center technicians and approved Applause staff.
- Strong SSL Encryption: Applause provides SSL encryption for user login and all subsequent data.
- Application-Only Access: Applause ensures that external users of the Platform can only access the application, not the underlying database.
- Employee Access: No Applause employees, partners, or contractors ever access private customer repositories or accounts unless required through our standard service obligations or for specific support reasons. When working a support issue, we do our best to respect your privacy and the security of your data as much as possible; we only access the files and settings as required through the resolution of your issue.
- Strong Password Policies: Applause provides various password policies to prevent unauthorized access to user accounts, including minimum password length and complexity requirements, password repetition controls, and automatic lock-out after unsuccessful login attempts.
- Continuous Security Monitoring: Applause employs intrusion detection systems to identify malicious traffic attempting to access the Platform network. Any unauthorized connection attempts are logged and appropriately investigated. Applause also employs numerous performance and utilization monitoring solutions for the Platform infrastructure.
- Risk Management: Enterprise-grade anti-virus software guards against Trojans, worms, viruses, and other malware from affecting the Platform and its underlying components. Encryption is required on all removable media (employee laptops, thumb-drives, etc.) that contains or has access to sensitive Platform data.
- Separation of Duties:Job responsibilities are separated, and mandatory employee reference checks are employed at all levels of Applause operations. Applause tracks and maintains any and all exceptions to standard segregation of duties policies and associated access permission changes.
- Communication: Applause maintains robust communication protocols and procedures to ensure that all policy and system changes that impact security are timely communicated to Platform users through the application interface. In the event emergency communication is needed, Applause also supports alternative methods of communication to users, including email notifications and alerts.