Compliance

Introduction

At Judge.me, we care about being authentic, accessible, and secure. We are committed to protecting the rights of store owners and reviewers by complying with the following laws and regulations:

Data Processing & Privacy

What personal data do we collect?

According to our Privacy Policy, we collect only the personal data that is essential for running our customer review application and for helping our users give reviewers the best experience. We do not use personal data for any purpose other than those agreed with our users.

Is our privacy policy compliant with any standard?

Yes, we comply with the major privacy laws that protect the privacy rights of store owners and reviewers, including:

General Data Protection Regulation (GDPR): the privacy and security law drafted and passed by the European Union (EU).
California Consumer Privacy Act (CCPA): the legislation that strengthens privacy rights and consumer protection for residents of California.

What do we do to protect privacy rights?

We’ve developed certain features to make sure the privacy rights of store owners and reviewers are protected according to the General Data Protection Regulation (GDPR). In particular, we’ll:

  • Send reviewers all the reviewer data that stores have collected and processed, upon the reviewer's request (right to access and right to be informed).
  • Provide tools for reviewers to edit their display name, display name format, and reviews, and let stores make minor edits to review content with the reviewer's consent (right to rectification).
  • Provide tools for reviewers to delete their reviews, and delete all reviewer data that stores have collected and processed, upon the reviewer's request (right to erasure, or "right to be forgotten").
  • Provide all personal data in a structured, commonly used, machine-readable format (right to data portability).

Where does personal data go?

We use Heroku and Amazon Web Services (AWS). Heroku's physical infrastructure is hosted and managed within Amazon's secure data centers and runs on AWS.

Amazon conducts recurring assessments to ensure compliance with industry standards. In particular, its data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2 / SSAE 16 / ISAE 3402 (previously SAS 70 Type II)
  • PCI DSS Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Store owners can sign a Data Processing Addendum with us to ensure that when any data transfer takes place inside or outside of the European Union, their interests are protected by the Standard Contractual Clauses (SCCs). Judge.me also applies SCCs with our third-party sub-processors. The Court of Justice of the European Union upheld the validity of SCCs for transfers outside the EU in its Schrems II judgment (2020), which also requires the data exporter to assess, case by case, whether the destination country's law undermines the protection the clauses provide and to add supplementary measures where it does.

Who do we share personal data with?

We currently authorize a small number of third-party sub-processors to process data, depending on which functions a store enables in its Judge.me settings. The suppliers we use are listed under "World-class Infrastructure" below.

Is personal data kept safe?

Keeping data safe is essential to us here at Judge.me. We therefore partner with HackerOne, the world's largest community of security researchers, and run a bug bounty program on their platform so that vulnerabilities in our apps can be reported to us responsibly and fixed before they are exploited.

HackerOne has partnered with thousands of organisations, and its services are used by well-known companies such as Shopify, WordPress, Slack, Twitter, GitHub, and Nintendo.

Accessibility for everyone

We strive to make our applications accessible to everyone, including people with disabilities. When building the apps, our developers ensure that essential features conform to the Web Content Accessibility Guidelines 2.1 at Level AA (WCAG 2.1 AA) and to the Americans with Disabilities Act (ADA). In particular, we have:

  • Added labels to the elements of our widgets so that screen readers can describe these elements in a meaningful way.
  • Made all clickable links and buttons keyboard accessible.
  • Moved keyboard focus appropriately after a click, so keyboard and screen-reader users are not left on an element that has disappeared.
  • Set sufficient colour contrast for all default themes (WCAG AA requires at least 4.5:1 for normal text and 3:1 for large text and UI components).
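The contrast requirement above is the one item in this list that can be checked mechanically. The following is an added example, not Judge.me's own code: it implements the WCAG 2.1 relative-luminance and contrast-ratio formulas and audits a theme's foreground/background pairs against the Level AA thresholds. The theme colours and pair names are constructed for illustration and are not Judge.me's real theme values.

```javascript
// Added example: WCAG 2.1 contrast-ratio audit for widget colour themes.
// The SAMPLE_THEME colours below are constructed, not Judge.me's actual themes.

function hexToRgb(hex) {
  // Accepts "#abc" or "#aabbcc"; rejects anything else instead of guessing.
  const h = hex.replace(/^#/, "");
  const full = h.length === 3 ? h.split("").map((c) => c + c).join("") : h;
  if (!/^[0-9a-fA-F]{6}$/.test(full)) throw new Error(`bad colour: ${hex}`);
  const n = parseInt(full, 16);
  return [(n >> 16) & 0xff, (n >> 8) & 0xff, n & 0xff];
}

function channelToLinear(c8) {
  // sRGB companding inverse, per WCAG 2.1 "relative luminance" definition.
  const c = c8 / 255;
  return c <= 0.03928 ? c / 12.92 : Math.pow((c + 0.055) / 1.055, 2.4);
}

function relativeLuminance(hex) {
  const [r, g, b] = hexToRgb(hex).map(channelToLinear);
  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
}

function contrastRatio(fg, bg) {
  // (L1 + 0.05) / (L2 + 0.05), with L1 the lighter colour; range 1..21.
  const l1 = relativeLuminance(fg);
  const l2 = relativeLuminance(bg);
  const [hi, lo] = l1 >= l2 ? [l1, l2] : [l2, l1];
  return (hi + 0.05) / (lo + 0.05);
}

// Level AA thresholds: 4.5:1 for normal text, 3:1 for large text and UI components.
function meetsAA(fg, bg, { largeText = false } = {}) {
  return contrastRatio(fg, bg) >= (largeText ? 3 : 4.5);
}

// Audit every text/background pair a theme declares; returns the failing pairs
// with their measured ratio so a designer knows how far off each one is.
function auditTheme(theme) {
  return theme.pairs
    .filter((p) => !meetsAA(p.fg, p.bg, { largeText: !!p.largeText }))
    .map((p) => ({ ...p, ratio: Number(contrastRatio(p.fg, p.bg).toFixed(2)) }));
}

// Constructed sample theme: body text passes, the muted "helper" text does not.
const SAMPLE_THEME = {
  name: "sample-light",
  pairs: [
    { name: "body text", fg: "#333333", bg: "#ffffff" },
    { name: "helper text", fg: "#999999", bg: "#ffffff" },
    { name: "section heading", fg: "#777777", bg: "#ffffff", largeText: true },
  ],
};

if (typeof require !== "undefined" && require.main === module) {
  const failures = auditTheme(SAMPLE_THEME);
  console.log(`${SAMPLE_THEME.name}: ${failures.length} failing pair(s)`);
  for (const f of failures) console.log(`  ${f.name}: ${f.fg} on ${f.bg} = ${f.ratio}:1`);
}
```

Run it with Node to see which pairs of the sample theme fall below the AA threshold. A common pitfall the audit exposes: #777777 on white is just under 4.5:1, so it is acceptable only where the text qualifies as large, while #767676 scrapes past the threshold.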

Authenticity of reviews

To maintain the authenticity and transparency of our apps and platforms, we follow the Consumer Review Fairness Act (CRFA) enforced by the Federal Trade Commission (FTC). This protects consumers’ ability to share honest opinions about products and services provided by stores using Judge.me. We encourage our users to publish all of their reviews, even the unfavorable ones. We also reward stores with different types of medals: transparency, authenticity, top shops, top trending shops, verified reviews, and monthly records. Stores can display these medals on their review site listing and online store to showcase their social proof to potential customers.

[Image: Judge.me medals]

World-class Infrastructure

We handle user-generated content with fast, secure and reliable suppliers to optimize the performance of our apps and platforms.

Heroku and Amazon Web Services: cloud hosting platform to host user-generated content that we collect on behalf of store owners.
Postmark: transactional email service to send review request emails on behalf of store owners.
Imgix: image hosting service to store and display customer review images.
Cloudflare: video hosting service to store and display customer review videos.
OOPSpam: spam detection tool to detect and filter spam reviews.