Data Privacy & Data Security FAQs
ProHire - Digital Crew Onboarding
-
Who can access personal data shared through ProHire?Production companies, productions, their staff and their agents or service providers have access to the personal data and information you provide to them. Revolution is an Employer of Record, and there are two groups of people who can access at least some of your personal data: Payroll Processing Team: the people who need to review the information to process payroll. Support Staff: team members who get calls from users who are entering the information You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to info@revolutiones.com.
-
Where is the personal data of someone onboarded with ProHire stored?Servers that run the ProHire application are based in the United States. Data is stored in a database, and final documents are stored in a secured storage.
-
How does Revolution secure personal data and sensitive files stored in ProHire?Database and file storage is encrypted at rest using AES-256, and key fields (e.g. SSN) are also encrypted inside the database.
-
Does Revolution share data stored in ProHire with third-party entities?We host both the database and storage on the Google Cloud Platform.
-
How long does ProHire keep personal data and what happens to someone's personal data at the end of a show?For audit purposes, data needs to be kept at least 7 years. At the end of a production, personal data remains online.
About Our Data Security
Automatic backups
ProHire databases are automatically backed up in real time and stored in a secure and remote data center not directly linked with our production servers to ensure redundancy of your data. Our server architecture is redundant, meaning even if one server fails, the system stays active and accessible.
More than 99% uptime
We maintain more than 99% uptime, which guarantees you service continuity and quality assurance.
Support management
Our support team is trained to resolve any incident and is available during business hours 7 days a week by email and phone.
Encrypted data transfers
Server-to-client communications are encrypted with TLS (HTTPS). The system is designed to prevent any plain communication through the Internet.
Secure data centers
ProHire only stores and processes data in Tier 3 data centers, with biometric access control, onsite energy production systems and all IT equipment being dual-powered and provided with two redundancies.
Compliance best practices
We use compliance best practices to manage vulnerabilities and track our dependencies for known CVEs. We closely monitor security mailing lists to be aware of the latest threats. To further limit potential risks, we configure our services with tight firewall rules.
Our code is scanned for known CVEs in the dependencies we're using.
We encrypt your data
ProHire encrypts at rest using AES 256. All connections from your browser to ProHire enforce TLS encryption. We only store passwords as salted hashes, not plain passwords.
We backup your data
All data and the database are backed up in real-time, and documents are backed up periodically throughout the day, 7 days a week. Our backups are in a different availability zone than live data.
We log all activity
Any connection to our systems is logged.
We respond promptly to incidents
We monitor external services and open source libraries for security issues. We use automated tools to continuously scan for service interruptions, performance degradation, and security vulnerabilities and alert our engineers as incidents are detected.
We test our releases
To ensure system availability and provide the best experience, we review and test all updates to ProHire. For each change, we perform unit and end-to-end tests. Our quality assurance team evaluates and manually tests functions expected to be impacted by a change to ensure they're not negatively impacted by a regression.
After we release a change, we continue to monitor and log exceptions and schedule them for resolution. We use several monitoring services to monitor any impact to performance from changes.