RBL.ai Security Center
At RBL.ai, we secure and protect the information of every customer worldwide with absolute transparency and 24/7 support.
Security is Our Top Priority
RBL.ai takes the privacy and security of your company data very seriously. Our software and infrastructure are architected from the ground up with enterprise-grade security in mind in order to meet and exceed the strict security requirements of our customers. We understand that storing your data within a Cloud Infrastructure may be of concern, which is why RBL.ai is committed to maintaining transparency and trust with our customers. Many of our customers, including the largest retail, consumer packaged goods, and financial companies in the world, perform regular and comprehensive information privacy and digital security audits of our processes and infrastructure to ensure RBL.ai meets the requirements of their most security-sensitive organizations.
Amazon Web Services (AWS)
To meet the security, compliance and scale requirements of today’s enterprises and government agencies, RBL.ai partners with Amazon Web Services (AWS), the most advanced Platform as a Service provider in the world, chosen by the US Department of Defense, leading banks, leading retailers and some of the world’s largest consumer-based software companies. Amazon personnel do not have logical access to any RBL.ai hosts, applications, or databases. Additionally, RBL.ai encrypts data in transit (moving across the network) and encrypts all data at rest (sitting on a system or in a database) to prevent unauthorized personnel from gaining access to sensitive customer data. This strategic partnership with AWS allows our customers to benefit from the industry’s most comprehensive and innovative security architectures.
Appalachia's staff is highly certified and recognized in the IT community as thought leaders. They foster an environment of skill-crossover and continuing education in order to scale and serve their clients. Appalachia Technologies performs independent audits for us to ensure that your data is safe and protected from all types of cyber attacks.
Appalachia Technologies is SOC 2, Type II Audited
SOC 2 audits are based on the AICPA’s Trust Services Criteria. SOC 2 service auditor reports focus on a Service Organization’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
“Appalachia Technologies delivers trust-based services to their clients, and by communicating the results of this audit, their clients can be assured of their reliance on Appalachia Technologies’ controls.”
Appalachia Technologies' Awards
Federal and Industry Controls and Certifications
AWS utilizes third-party certifying bodies and independent auditors to provide customers with information regarding policies, procedures, and controls established and operated by AWS. Some of the most stringent audits, controls, and certifications include:
- FBI’s Criminal Justice Information Services (CJIS) standard
- Cloud Security Alliance (CSA)
- Cyber Essentials Plus (UK Government-backed, industry-supported certification)
- Department of Defense (DoD) Cloud Security Models Level 2 and 4
- Federal Risk and Authorization Management Program (FedRAMP)
- Federal Information Processing Standard Publication (FIPS)
- ISO 27001, ISO 27017, and ISO 27018
- SOC 1/ISAE 3402, SOC 2, and SOC 3
How We Collect and Use Your Personal Data
RBL.ai collects personally identifiable information in the following ways:
Surveys and Assessments
When a company completes an assessment on RBL.ai, we collect the following business contact data from you:
- First and last name
- Work email address
- Leader type (e.g. business, functional, HR leader)
- Business performance (e.g. profitability, revenue, quality, NPS, productivity, market share, employee retention, etc.)
- Leadership Brand (e.g. leadership quality, ability to develop leaders, reputation, etc.)
- Organization Capability (e.g. talent, strategic clarity, customer centricity, culture, etc.)
- Talent (e.g. job standards, talent sourcing, workforce plan, employee performance, etc.)
- HR Effectiveness (e.g. HR reputation, purpose, design, capability, etc.)
All personal data collected will only be used to process and analyze the performance of your organization in order to provide guidance. We do not sell personal data to anyone and only share it with third parties who are facilitating the delivery of RBL.ai services.
When you submit a Leadership Brand, Organization Capability, Talent, or HR Effectiveness assessment at RBL.ai, we process your personal data in accordance with applicable personal data regulations. This means that:
- Your personal data will be treated confidentially
- We only use your personal data for analysis and guidance purposes
- We do not disclose your personal data, except to the data processors we use in our analysis procedure
Access to this personal data is restricted to relevant employees within RBL.ai only.
RBL.ai stores company details and performance data with security-cleared Amazon Web Services (AWS) and SurveyGizmo (also hosted on AWS), who are assisting us with these services. Your personal data are stored on secure AWS servers in the United States.
Any personal data received from you will only be used for the purpose of processing and providing guidance and will not be disclosed, except to AWS and SurveyGizmo data processors in connection with the analysis procedure.
How We Encrypt Your Data
We encrypt data in transit, at rest, and on all backups.
Here's how: Access to RBL.ai is available only through secure HTTPS.
All survey and assessment data is encrypted at the disk level ("at rest"). Amazon Simple Storage Service (Amazon S3) provides SurveyGizmo with secure, durable, highly scalable cloud storage which is designed to deliver 99.9% durability. Surveys are further encrypted at the row level in the database. Once data is encrypted in an encrypted survey, encryption cannot be enabled or disabled.
In addition to this, your data is backed up using snapshots of Amazon Elastic Block Store (EBS), which is used as a primary storage device for data that requires frequent and granular updates. Automated encrypted snapshots (differentials) of databases are performed daily, and all data storage is redundant.
Our redundant databases reside in a private subnet that is only accessible via our application and web servers. Additionally, we leverage Amazon’s AWS security features to further “lock down” access to these systems. Bulk response data can only be accessed via the reporting and exporting features available via the application by an RBL.ai employee logging in with their credentials over HTTPS.
How Long We Store Your Data
Your personal data and your assessment data are stored in our datacenter at AWS in the United States. This data will be kept active as long as you keep a commercial relationship with us. If you would like your data deleted from our system, a written request to permanently remove all response data from an assessment must be submitted. Upon written request, RBL.ai may provide written confirmation that all files, database records, and backups of data have been destroyed. Data cannot be recovered after the deletion has been executed. Data always remains the property of the customer, and written requests to destroy data may be submitted at any time.