How we keep your data secure

Security and compliance

4.5+170 reviews in G2

Trust, safety and security are RatedPower’s greatest responsibility. Ensuring your peace of mind is at the core of what we do. Learn more about how we keep you —and your data— safe.

Security and Privacy at RatedPower

Enterprise-grade security and privacy

RatedPower uses state-of-the-art protocols and follows security best practices to protect the account information and the privacy of our customers.

Security certifications and standards

Certification and standards

  • SOC 2 Type I and Type II
    We are proud to be SOC 1 and SOC 2 Type II compliant, demonstrating our commitment to the highest standards of security, availability, and confidentiality. We have strong and rigorous processes in place to protect sensitive data and ensure operational integrity over time.
  • Amazon Web Services platform
    RatedPower uses Amazon Web Services as its cloud provide and follows security best practices such as CIS AWS and CSA STAR, for more information about how Amazon manages security, read here.
GDPR Compliant

Privacy and data security at heart

  • GDPR Compliant
    RatedPower servers are hosted on Amazon Web Services (AWS) within the European Union. In strict adherence to the General Data Protection Regulation (GDPR), RatedPower contemplates and oversees international data transfers with Enverus, its parent company.
  • US server deployment
    Additionally, RatedPower has deployed a version of its software on servers located in AWS US East 1 (North Virginia), United States. In accordance with GDPR, the storage of data in the U.S. is considered an international data transfer. Although the data may not be actively transferred, storage in the U.S. is subject to the same requirements as data transfers due to the GDPR’s stipulations regarding data protection levels.
  • Responsable data transfer management
    To ensure compliance, RatedPower has implemented the necessary measures to manage international data transfers and apply appropriate safeguards to protect the data in accordance with applicable regulations.

Your data is always safe and secure

Icon

Data encryption

All services and data are safeguarded with robust encryption measures. Data in transit is encrypted using TLS 1.2 or higher, ensuring secure communication across networks. Additionally, all data at rest is also protected with strong encryption, maintaining the confidentiality and integrity of information stored within the platform.

Icon

Robust product security testing

Our platform is put through strict security reviews, regular penetration tests using trusted security vendors; and periodic threat assessments.

Icon

Secure account access

Our Enterprise plans include central management for your account access policies with Single Sign-On (SSO) and Multifactor Authentication.

Icon

Policies, culture and team

We apply strict information security policies throughout the company and we train our team on an ongoing basis. RatedPower, as a part of Enverus, has a dedicated security team focusing on the security of our products, company and your data as a customer.

We've got you covered

RatedPower has SOC 2 Type I and SOC 2 Type II certifications, ensuring our commitment to maintaining high standards of security and compliance. If you’re evaluating our security platform and need access to our reports, please connect with us.

RatedPower’s cloud infrastructure is supported by Amazon Web Services (AWS) and follows security best practices such as CIS AWS and CSA STAR. The infrastructure is isolated within an AWS Virtual Private Cloud (VPC) with separate Security Groups and Access Control Lists (ACLs) to restrict access.

All data at rest is securely stored and encrypted using the strong cryptographic algorithms. A backup policy is in place to ensure data safety.

Data in transit is always transmitted securely using TLS 1.2/1.3.

Users can authenticate using application username/password or federated identity systems (Auth0). Multi-Factor Authentication (MFA) is also available to enhance security.

RatedPower uses a role-based access control (RBAC) mechanism to manage user authorization. The platform has defined different roles such as Read-only, Basic User, User, Team Manager, and Admin to control access levels.

Yes, MFA is available to all users, regardless of their subscription level, providing an additional layer of security during login.

Yes, enterprise subscriptions include the ‘Corporate ID’ feature, allowing clients to integrate with their own directory service. Learn more.

RatedPower follows DevSecOps methodology, integrating security testing into software development and operational processes. This includes automatic scans like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA), as well as manual reviews and testing.

RatedPower is aligned with General Data Protection Regulation (EU GDPR) requirements and has a robust data protection program in place to ensure compliance with applicable laws and regulations. You can learn more about our privacy policy here.

Upon contract termination and at the client’s request, all data is removed in accordance with RatedPower’s data retention policy. 

Yes, we conduct regular security checks and assessments, including annual penetration tests by third-party services.

More questions about security?

If you have any additional questions about security at RatedPower, please connect with us. Our infrastructure and security team stands by, ready to help.