When it comes to harassment and discrimination reporting, security and privacy are crucial, both to the employees who speak up about incidents and to the HR teams that handle them. Our engineering team has built Spot so that everyone can feel safe and secure trusting our platform with their data.
At the highest level, we use industry-standard encryption to protect reports from unwanted access. And to minimize the chances of information being hacked or stolen, we don’t keep data around any longer than necessary.
Below are some of the questions that, as CTO, I get asked most frequently about how we keep Spot secure and private.
Protecting your organization’s data
Where is customer data stored?
Data is stored in AWS’s EU-West 1 location (Ireland, London, Paris).
Are you GDPR compliant?
Yes. We also have legal counsel who specializes in this area.
What data do you store?
For admins, Spot stores account information such as names, email addresses, and passwords (hashed, or scrambled, so there’s no encryption key for a hacker to steal and decrypt).
For employees submitting reports, we store the report content, which is primarily free text and image files. We give employees the option to provide responses to a few structured fields—such as name, incident frequency, and department—and if they provide that data, we store it as well. See the section on protecting employee privacy, below, for more info on the employee experience.
Who has access to customer data?
Only very select people at Spot have access to customer data, and those access rights are regularly reviewed.
How are admin dashboard accounts secured?
Spot does its part to ensure that admin dashboard accounts are secure with mandatory two-factor authentication in addition to password protection. Dashboard sessions are also limited to a short duration before the admin is logged out for inactivity. All admin activity on reports is logged in the dashboard with timestamps and is exportable, along with the reports themselves, in PDF form. Admins can’t manipulate or delete report or activity data.
What’s your backup retention policy?
Spot has daily and weekly automated backups. The daily backups are retained for 7 days, and the weekly backups are retained for 2 months. All backups are stored on encrypted storage with access limited to only key people on the Spot team.
Log data can stay around for a couple of weeks, but it doesn't contain any personal data.
Where is backup data stored?
Backups are located where our servers are hosted: AWS’s EU-West 1 location (Ireland, London, Paris).
How does Spot make sure its systems are secure?
NCC Group conducted a third-party security audit of Spot. We also run an ongoing security bug bounty program with Bugcrowd.
Where are Spot’s offices located?
Spot has offices in San Francisco, USA, and Berlin, Germany.
Protecting reporter privacy
With Spot, individuals always have complete control over the information they decide to share. No human will see what someone chats with Spot about unless that person decides to submit a report to their organization and/or contribute their report to Spot for research.
Does the Spot team view chat histories?
No. The Spot team does not monitor chats (and employers cannot see them). Chat histories are deleted at the end of a user’s session.
Are individuals who chat with Spot required to submit a report?
No. Reporting is optional—individuals can use Spot to document an incident, download and keep the private report for themselves, and also save their report with Spot so they can decide whether to submit it later.
What’s a private report?
Once the bot-guided reporting interview is completed, Spot generates a securely signed, timestamped PDF that the employee can download and keep in a safe place. Since it’s digitally signed, this private report cannot be modified once it is created.
After sending the private report to themselves, individuals have the option to submit a version of the report to their organization or save their report with Spot so they can have the option to submit it later. Reports saved for later are kept for 1 year.
What reporter data does Spot store for customers?
For organizations using Spot, report data and the email addresses of the people who submit reports are stored indefinitely for the purposes of follow-up. Email addresses are never visible to the organization. We allow organizations to keep reports indefinitely so they have the information they need to take action on incidents and to track their progress. In fact, reports cannot be deleted, largely in order to hold organizations accountable.
What reporter data does Spot store if someone creates a report but their organization doesn’t use Spot?
When an individual submits a report to an organization that isn’t yet using Spot, the organization gets a link to download the report. The reporter gets a status page where they can see if the report has been downloaded. As long as the report hasn't been downloaded, the reporter can still delete (or retract) the report. 30 days after the report is first downloaded by the organization, we delete the report from Spot’s servers. If the report isn’t downloaded after 90 days, we delete it from our servers. If the individual saves a private report for later, their email address and report data are stored until they decide to submit their report or to delete it.
What about report data that’s contributed for research?
All Spot users have the option of contributing their report for research. These reports are stored permanently but are completely anonymized first.
If you’d like to learn more about security and privacy at Spot, take a look at our in-depth Security page. Still have questions? Email us at firstname.lastname@example.org.