We process millions of Product Experiences for thousands of users every year. Our top priority is keeping the data you share with us safe. Compliance with global privacy protocols is important to our company. Consensus values data privacy and security very highly. We use the latest security technologies to protect your data, and we have a dedicated team of security experts who monitor our systems 24/7. We do require all our employees to undergo regular training on data security and privacy best practices upon hire and annually.
To ensure the best experience for our users, we maintain a secure environment while also keeping our performance at the highest level. This includes ensuring that our servers are up and running smoothly, our software is up to date, and our security protocols are airtight. In short, we do everything we can to keep our platform secure and running smoothly.
We receive questions about Consensus’s security practices from time to time. Generally, we are not eager to disclose much about our security practices because it is only beneficial to the very people we are trying to protect against. We respect our customers’ concerns about security, and we are serious about transparency. Here we share answers to the questions we think our customers might find most useful.
Customer personally identifiable information
Employee personally identifiable information
Credit card Information
Personal health information
Consensus takes security seriously and has built a platform using best practices for a highly scalable, available, and secure platform. Consensus’s security infrastructure starts at our foundation and includes protocols such as encryption (in transit and at rest), routine internal and third party security assessments, annual third party penetration tests, SOC 2 Type 2 Attestation, least privilege access, and security-focused software development. Consensus also uses the principles outlined in the OWASP Secure Coding Practices to defend against the OWASP Top 10 security vulnerabilities.
Consensus is hosted on Amazon AWS and OCI.
-For more information on AWS’s security: https://docs.aws.amazon.com/security/
-For more information on OCI’s security: https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm
Consensus provides many in-product data protection capabilities as well as admin controls to provide greater visibility and control over your data. Enterprise admins can securely deploy Consensus to their organizations with tools such as SSO, Opt in/out functionality, and DemoBoard two-factor authentication. Role based access control is also supported and customizable by admins.
Consensus is dedicated to protecting and upholding customers’ privacy rights. Our privacy compliance program is aligned to fit with regulations such as the U.S. Data Privacy Framework, the General Data Protection Regulation (GDPR), and California Consumer Privacy Act (CCPA).
Consensus’s Subscriber Agreement incorporates Consensus’s ToS under which Consensus commits to processing and safeguarding personal data in accordance with GDPR requirements. This includes Consensus’s commitment to process personal data consistent with the instructions of the data controller.
Here is a complete list of Consensus’s subprocessors that is kept up to date.
For any privacy or security related questions, please contact your CSM/AE or reach out to our Security team at security@goconsensus.com