uTest.com has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses the information gathering and dissemination practices for this Web site: uTest.com.
For each visitor to uTest.com web site, our web server automatically recognizes only the consumer's domain name, but not the e-mail address. uTest.com collects only the domain name, but not the e-mail address of visitors to our web site, aggregate information on what pages consumers access or visit, information volunteered by the consumer, such as survey information and/or site registrations. The information we collect is used to improve the content of our web site, used to notify consumers about updates to our web site, not shared with other organizations for commercial purposes.
When you participate on the uTest.com web site, we request certain information. uTest.com does not share any of your personally identifiable or transactional information with any person or entity. No other third party receives your personally identifiable information or other transactional data except for those with whom you have transactions.
If you supply uTest.com with your postal address on-line you will only receive the information for which you provided us your address. Users who supply us with their telephone numbers on-line will only receive telephone contact from us with information regarding orders they have placed on-line.
Personally Identifiable Information-When visiting uTest.com's or any Client's Web site and signing up for or using uTest.com services through any Service Page, you may choose to supply uTest.com with information that identifies users personally. For Testers, this information may include name and contact information, gender, birth date, occupation and industry, shipping and billing information, behavior patterns, purchase history, and other information.
Aggregate Information--uTest.com collects non-identifying, general, generic and aggregate information to better design our Web site and services, and shares the aggregate data with advertisers and other third parties. With respect to security: uTest.com uses PayPal, which utilizes industry-standard encryption technologies when transferring and receiving Company and transaction data exchanged with our site.
Unless otherwise indicated, the information contained in this site including all images, illustrations, icons, designs and written and other materials that appear on the site are copyrights, trademarks, trade dress or other intellectual property owned, controlled, or licensed by uTest or its affiliates or are the property of their respective owners and are protected by U.S. and international copyright laws and conventions.
Accessing the uTest.com web site does not authorize Users to use any name, logo, trademark or service mark in any manner. Permission is granted to display, download and print in hard copy format other resources of the site solely for the purposes of using the site as an internal or personal business resource. None of the resources may be copied, reproduced, distributed, republished, downloaded, displayed, posted electronically or mechanically, transmitted, recorded, in any manner mirrored, photocopied or reproduced without the prior written permission of uTest.com or the applicable owner.
Lastly, uTest.com does not and will not sell your personal information to anyone, for any reason, at any time.
This security policy applies to uTest members who have access to the Applause Platform through an Expended Profile. As a provider of software and services for many users on the Internet, Applause recognizes how important it is to help protect user privacy and security. Applause understands that secure products are instrumental in maintaining the trust users place in the its products and services, and Applause strives to create innovative products that both serve user needs and operate in users’ best interests.The uTest/Applause Platform & Scope
Applause offers a variety of services and solutions through its software-as-a-service offering to customers and community members, including analytics, reporting, test services execution, test cycle management, and test cycle analytics. Applause has designed its Information Security (“InfoSec”) Program around supporting security of the core application, infrastructure, and data components (“the Platform”) that support its core, “In-the-Wild” testing services.
The InfoSec Program and its underlying policies apply to all users of the Applause Platform, including all employees, customers, community members and other third parties.A Shared Security Responsibility Environment
Applause has designed its products to be flexible, scalable, and robustly configurable to its users. This means that often times, access restrictions, account delegation, user rights and additional security items are left to the user to determine. While Applause has secured the underlying Platform infrastructure, the back-end data, and the core Application code, users are responsible for securing the data that is ultimately placed in their respective product instances. This includes all data entered through the Platform interface into the instance, any user accounts that access your instance(s), the associated user roles and groups that enable various access-levels of those users, etc. For this reason, Applause recommends that users of the Platform maintain sufficient controls to provide reasonable assurance of the following standards:
- Access to the Applause Platform should be restricted to authorized users, and user names and passwords should be kept confidential.
- Users are responsible for accuracy, quality, integrity and legality of their accounts, content, and data for the quality, configuration, and performance of the Platform with respect to user accounts, content, and data.
- Users must make reasonable efforts to prevent unauthorized access to use of the Platform and applicable user accounts, and must notify Applause promptly of any such unauthorized access or use.
- Users are responsible for reporting issues and incidents related to information security, and following up on the status of those issues to ensure they are resolved, in accordance with the process outlined below.
Applause provides a host of advanced functionality to secure the Platform including role-based access, strong connection encryption, robust password policies and more. Applause adds further layers of security, such as application-only access, to provide users complete confidence in the Platform and their data.
Applause employs stringent, 24/7 monitoring tools, controls, policies and procedures to ensure that it provides the strongest security for its users.
Key benefits and features of Applause’s commitment to security include:
- Role-level Access & Idle Disconnect: Role-based access control ensures users can only use data and Platform functionality that is related to their specific responsibilities, as dictated by their account administrator. Additionally, Applause automatically locks the Platform when idle connections are detected to prevent unauthorized access. Finally, the Platform natively provides a complete audit trail to ensure changes within a user account or customer instance are tracked with user login details and timestamp.
- Strong SSL Encryption: Applause provides SSL encryption for user login and all subsequent data.
- Application-Only Access: Applause ensures that external users of the Platform can only access the application, not the underlying database.
- Strong Password Policies: Applause provides various password policies to prevent unauthorized access to user accounts, including minimum password length and complexity requirements, password repetition controls, and automatic lock-out after unsuccessful login attempts.
- Continuous Security Monitoring: Applause employs intrusion detection systems to identify malicious traffic attempting to access the Platform network. Any unauthorized connection attempts are logged and appropriately investigated. Applause also employs numerous performance and utilization monitoring solutions for the Platform infrastructure.
- Risk Management: Enterprise-grade anti-virus software guards against Trojans, worms, viruses, and other malware from affecting the Platform and its underlying components. Encryption is required on all removable media (employee laptops, thumb-drives, etc.) that contains or has access to sensitive Platform data.
- Separation of Duties: Job responsibilities are separated, and mandatory employee reference checks are employed at all levels of Applause operations. Applause tracks and maintains any and all exceptions to standard segregation of duties policies and associated access permission changes.
- Communication: Applause maintains robust communication protocols and procedures to ensure that all policy and system changes that impact security are timely communicated to Platform users through the application interface. In the event emergency communication is needed, Applause also supports alternative methods of communication to users, including email notifications and alerts.
The purpose of Applause’s incident management policies & procedures is to ensure the timely and effective response to all potential threats to the Applause’s information security. Without an incident response capability the potential exists that, in the event that a security incident occurs, the incident will go unnoticed and the degree of harm associated with the incident may be greater than if the incident were properly recognized and mitigated.
If you are an Applause Platform customer and have a security issue to report regarding your personal account, or have discovered a vulnerability in an Applause product, please contact your assigned Project Manager directly and report the incident via email to firstname.lastname@example.org.
If you are an Applause Community member and have a security issue to report regarding your personal Applause account, or have discovered a vulnerability in an Applause product, please contact your assigned Community Manager and report the incident via email to email@example.com.
Applause takes security issues seriously and will respond swiftly to fix verifiable security issues. Some of the components that make up the Applause Platform are complex and take time to update. When properly notified of legitimate security issues, Applause personnel will do their best to acknowledge your emailed report, assign resources to investigate the issue and mitigate potential problems as efficiently and effectively as possible.Safe Harbor
Applause complies with the US-EU Safe Harbor Framework and US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Applause has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/.
- For Applause customers: please contact your assigned Project Manager directly and report the incident via email to firstname.lastname@example.org
- For uTest testers: please contact the company and report the incident via email to email@example.com
- For all others: please contact Applause Information Security at firstname.lastname@example.org, 100 Pennsylvania Ave., Framingham, MA 01701
Applause has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Applause, please visit the BBB EU SAFE HARBOR web site at http://www.bbb.org/us/safe-harbor-complaints/ for more information and to file a complaint.