At Motivosity, our policies, processes and systems are designed to create a wonderful user experience, while protecting information.
Trusted by 1,000+ leading brands.
The only data collected by Motivosity is nonsensitive, publicly available personally identifiable information (“PII”) of our users.
Name (required: first and last, optional: preferred name)
Work email (purpose: primary identifier of a user account, used for login)
(optional) Day and month of birthday - NOT year (purpose: for elected birthday reminders/shoutouts)
(optional) Mailing address & phone number (purpose: ThanksMatters card, award delivery)
No application data is public. Information can only be accessed by authorized users. Each user belongs to a company. No information from one company can be accessed by a user from another company.
We do NOT store, transfer, or sell any data related to the following categories:
Sensitive PII (e.g. driver’s license, Social Security number, full legal name, bank account number(s), passport, birth certificate, etc.).
PCI (i.e. payment cards; all credit card payments paid to Motivosity go directly through Stripe, our payment processing partner. Details about their security posture and PCI compliance can be found at Stripe’s Security page.)
HIPAA (i.e. health and medical information)
FedRAMP (i.e. government data)
SOX (i.e. financial reporting & integrity)
Here is how your data is processed and stored within the Motivosity platform to assure it is protected and immutable.
AWS Web Application Firewall (WAF) in front of Cloudfront distributions.
AWS autoscaling and provisioning. Multi-region redundancy and recovery.
Containerized applications deployed using AWS Codepipeline for Continuous Delivery to AWS Elastic Beanstalk (EBS).
AWS Relational Database Service (RDS). Encrypted at rest with redundancy and scaling built in.
Motivosity conducts a load test simulating a load of five times the current max traffic load of the system. This simulation is based on the typical user interaction with the platform, the typical company size, and the typical session duration.
Motivosity makes a daily backup of the data. These backup snapshots are stored for three days.
The data recovery process happens in an automated way every day as the staging environment self-rebuilds from the previous day’s backup snapshot. Actual production recovery would follow a similar process and data loss would be limited to a maximum of 24 hours.
AWS Infrastructure and admin console access is restricted by role and group based credentials based on least privileged and MFA authentication protections.
