Motivosity is Certified, Compliant, and Secure
Understand how Motivosity takes your privacy seriously.
At Motivosity our policies, processes and systems are designed to create a wonderful user experience, while protecting their information.
Trusted by global, leading brands.
What data does MV protect? Data collection:
The only data collected by Motivosity is nonsensitive, publicly available personally identifiable information (“PII”) of our users.
- Name (required: first and last, optional: preferred name)
- Work email (purpose: primary identifier of a user account, used for login)
- (optional) Day and month of birthday - NOT year (purpose: for elected birthday reminders/shoutouts)
- (optional) Mailing address & phone number (purpose: ThanksMatters card, award delivery)
Data Handling:
No application data is public. Information can only be accessed by authorized users. Each user belongs to a company. No information from one company can be accessed by a user from another company.
We do NOT store, transfer, or sell any data related to the following categories:
- Sensitive PII (e.g. driver’s license, Social Security number, full legal name, bank account number(s), passport, birth certificate, etc.).
- PCI (i.e. payment cards; all credit card payments paid to Motivosity go directly through Stripe, our payment processing partner. Details about their security posture and PCI compliance can be found at Stripe’s Security page.)
- HIPAA (i.e. health and medical information)
- FedRAMP (i.e. government data)
- SOX (i.e. financial reporting & integrity)
How Does MV protect your data?
Here is how your data is processed and stored within the Motivosity platform to assure it is protected and immutable.
Firewall
AWS Web Application Firewall (WAF) in front of Cloudfront distributions.
Load Balancer
AWS autoscaling and provisioning. Multi-region redundancy and recovery.
Application
Containerized applications deployed using AWS Codepipeline for Continuous Delivery to AWS Elastic Beanstalk (EBS)
Database
AWS Relational Database Service (RDS). Encrypted at rest with redundancy and scaling built in.
Motivosity conducts a load test simulating a load of five times the current max traffic load of the system. This simulation is based on the typical user interaction with the platform, the typical company size, and the typical session duration.
Motivosity makes a daily backup of the data. These backup snapshots are stored for three days.
The data recovery process happens in an automated way every day as the staging environment self-rebuilds from the previous day’s backup snapshot. Actual production recovery would follow a similar process and data loss would be limited to a maximum of 24 hours.
AWS Infrastructure and admin console access is restricted by role and group based credentials based on least privileged and MFA authentication protections.
Execute with Confidence
Frequently Asked Questions
Is your data encrypted?
Yes! All information in Motivosity is encrypted in transit using TLS 1.2 and also encrypted at rest by default within AWS RDS using AES-256 encryption.
What is the security for user authentication?
What is Motivosity’s monitoring and alerting solution?
Does Motivosity test and validate security controls?
Where is my data stored?
What are the data retention and backup policies?
Does Motivosity have a Disaster Recovery plan?
How does Motivosity support technical issues?
