Our Approach to Security
Feefo employs industry-leading security measures to protect the integrity and confidentiality of your data. We understand that your trust hinges on our ability to maintain robust security protocols, and we take this responsibility seriously. Here's how we ensure your data remains safe:
BSI Certificate
Feefo proudly holds the BSI Certificate ISO 27001, a globally recognised standard for information security management systems. This certification validates our adherence to stringent security practices, encompassing risk management, data encryption, access controls, and ongoing monitoring. By aligning with ISO 27001 standards, we reaffirm our dedication to safeguarding your data with the highest level of diligence and professionalism.
Access Control
Feefo employs Identity Provider Single Sign-On (IDP SSO) combined with Multi-Factor Authentication (MFA) to fortify user authentication processes. With IDP SSO, users can securely access Feefo's platform using their existing credentials, reducing the risk of password-related vulnerabilities. Additionally, MFA adds an extra layer of security by requiring users to verify their identity through multiple factors, such as passwords, biometrics, or token-based authentication. This robust authentication mechanism ensures that only authorised individuals can access sensitive data, further bolstering our security infrastructure.
Encryption
Whenever your data is transferred to or from Feefo through a browser or API call, everything is encrypted and sent using HTTPS. Within Feefo’s private firewalled networks, data is encrypted using Transport Layer Security (TLS). All files uploaded by you to Feefo are stored and encrypted at rest using AES-256. All of the data that we store, including within databases and back-ups, are also encrypted at rest using the same encryption algorithm.
Regular Audits and Assessments
We make sure our software infrastructure is always fully up to date with the latest security patches. It is also hosted on a virtual private cloud which is protected by firewalls and monitored. We protect our services from malicious attacks and distributed denial of service attacks (DDOS) by using web application firewall technologies.
Your Data Privacy Matters
At Feefo, we ensure customer data is protected from a number of risks, from external access to data loss. Our customers’ data is written to multiple disks at the same time. This means that if data is unavailable in one location, or if one of our data centres goes offline, services are not interrupted and the data remains intact. The data is then streamed into an online back-up in (close to) real time, and snapshotted daily - with those snapshots being stored in multiple locations. Files uploaded by our customers are stored on servers which are designed to remove any potential bottlenecks or points of failure.
Redundancies
Our servers operate at full redundancy and across multiple locations, which means our systems are designed to withstand multiple server failure. We protect our servers using biometric (fingerprint) locks and 24/7 interior and exterior surveillance monitoring. Our data centres can only be accessed by authorised personnel.
User Control
We provide users with granular control over their data, allowing them to manage their preferences and privacy settings.
Monitoring Data
You can be sure of your account’s security with Feefo, as we have a team that is dedicated to monitoring account security and monitoring tools that will alert us of any potential breaches. We also have internal security measures in place. If a Feefo employee accesses customer data with malicious intent, we will take the appropriate actions, whether that be termination or prosecution.
GDPR Compliance
Feefo complies with the General Data Protection Regulation (GDPR) and other relevant data protection laws. We are committed to respecting your rights as a data subject and handling your data in accordance with legal requirements. To date, we have never experienced a data breach, but we are prepared if we ever do. If an attack takes place, we will notify every customer that may be affected and relevant statutory bodies immediately, in line with GDPR practices.
Partner with Confidence
When you choose Feefo, you can trust that your data is in safe hands. Our unwavering commitment to security and data protection, backed by our BSI Certificate ISO 27001 and stringent privacy measures, ensures that your information remains secure at all times. Partner with us and experience the peace of mind that comes with knowing your data is protected by industry-leading security practices.