Get Started

PRIZ Guru’s Security Statement

Introduction

We use the PRIZ Innovation Platform on daily basis. Ensuring our platform remains secure is vital to protecting our own data, and protecting your information is our highest priority.

Our security strategy covers all aspects of our business, including:

PRIZ Guru Security Policies & Procedures

Every PRIZ Guru employee and subcontractor is expected to respect the terms of our data confidentiality policies, available at Privacy Policy. Access rights are based on an employee’s job function and role.

Security in our Software Development Lifecycle

PRIZ Guru uses the git revision control system. Changes to any of our bases go through a suite of automated tests and are reviewed and go through a round of manual review. When code changes pass the automated testing system, the changes are first pushed to a staging server wherein PRIZ employees are able to test changes before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. PRIZ engineers also have the ability to “cherry-pick” critical updates and push them immediately to production servers.

We also work with third-party security professionals to test our web application security.

PRIZ Guru Architecture & Scalability

Scalability/Reliability of Architecture

PRIZ Guru uses DigitalOcean, a cloud infrastructure provider, services to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate datacenter so that we can restore them elsewhere as needed, even in the event of regional DO failure.

We currently host data in secure data centers maintained by DigitalOcean. DO is SOC 2 Type II certified. DigitalOcean has achieved Cloud Security Alliance (CSA) STAR Level 1 which addresses fundamental security principles across 16 domains to help cloud customers assess the overall security risk of a cloud service.

Encrypted Transactions

Web connections to the PRIZ Guru service are via TLS 1.2 and above.

Information Security

Security Consulting and Application Review

We work with external security advisors and have a responsible disclosure policy that allows security researchers to report vulnerabilities in our application.

Data Center Security

Amazon

Amazon employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.

Product Features

Administrator Management Features

Authentication – PRIZ Guru administrators can have employees authenticate via Google Accounts. If passwords are stored directly with PRIZ Guru, we secure them using salted bcrypt.

User Management – Administrators can see Last Activity, Guest/Member status, and deprovision users from a central administration interface.

User Features

Privacy, Visibility, & Sharing Settings – Customers determine who can access different categories of data like projects, ideas, solutions, and the final reports. You can limit and/or remove users’ access at any point in time.

Privacy

Privacy Policy

PRIZ Guru’s privacy policy, which describes how we handle data input into PRIZ Innovation Platform, can be found on the privacy policy page.

Availability

We are committed to making the PRIZ Innovation Platform consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.

Want to report a security concern?

Email us at [email protected].