Review Monster

Privacy Regulations Compliance (GDPR)

Updated: 09/29/2023

The data privacy regulatory landscape is constantly evolving. You may be aware of the EU General Data Protection Regulation (GDPR), which became effective on May 25, 2018. This reference document provides essential information regarding our products and privacy regulations. For detailed insights, please refer to our comprehensive Privacy Policy.

If you have any questions, comments, or concerns about our Privacy Policy, your data, or your rights concerning your information, please contact us at reviewmonster40@gmail.com.

European Union General Data Protection Regulation (GDPR)

Review Monster, operating through ReviewMonsterOnline.com, is committed to safeguarding your data. Here’s how we comply with the GDPR:

  • Handling of Personal Data:

    • We have never sold and never will sell customer data.

    • Our products are free from ads for other services.

    • We minimize data collection – we only ask for what we need.

    • Our apps request limited permissions on your devices.

    • Robust security measures, including encryption in transit and at rest, are implemented. Employees and contractors adhere to non-disclosure agreements.

    • All communication with us involves human interaction; no bots are used.

    • We collaborate with sub-processors, ensuring their commitment to privacy through data processing addendums.

  • Relevant US Laws:

    • While the US lacks a national consumer privacy law akin to the GDPR, relevant security laws include the Foreign Intelligence Surveillance Act (FISA) and Executive Order 12-333.

    • To facilitate legal data transfer from the EU to the US, we offer a data processing addendum, complying with GDPR privacy principles, rights, and obligations.

  • Data Processing Addendum:

    • We provide a standard Data Processing Addendum (DPA) that aligns with GDPR privacy principles.

    • The DPA includes the European Commission’s Standard Contractual Clauses for processing EU personal data.

  • Privacy Shield:

    • While Saastic voluntarily participated in the EU-US and Swiss-US Privacy Shield Frameworks, these frameworks are no longer valid legal mechanisms for data transfer.

  • California Consumer Privacy Act (CCPA):

    • Saastic operates as a “service provider” under the CCPA, processing data solely for the intended purpose.

    • We do not sell personal information or use data for other commercial purposes without explicit permission.

  • US Health Insurance Portability and Accountability Act (HIPAA):

    • Our products are not currently HIPAA-compliant.

  • Sub-processors:

    • We use GDPR-compliant sub-processors, such as Amazon Web Services, Help Scout, Mailgun, Sentry, and Stripe, with data processing agreements in place and compliance with GDPR Standard Contractual Clauses.

For more details on our commitment to data privacy, please refer to our Privacy Policy.