Data Privacy & Data Security FAQs
SetKeeper - Secure Document Distribution & International Crew Onboarding
- Who can access personal data shared through ProHire?
  Production companies, productions, their staff and their agents or service providers have access to the personal data and information you provide to them. Revolution is an Employer of Record, and there are two groups of people who can access at least some of your personal data: Payroll Processing Team: the people who need to review the information to process payroll. Support Staff: team members who get calls from users who are entering the information. You have the right to access your personal data at any time. This is commonly referred to as “subject access”. You can make a subject access request, for free, in writing to info@revolutiones.com.
- Where is the personal data of someone onboarded with ProHire stored?
  Servers that run the ProHire application are based in the United States. Data is stored in a database, and final documents are stored in secured storage.
- How does Revolution secure personal data and sensitive files stored in ProHire?
  Database and file storage are encrypted at rest using AES-256, and key fields (e.g. SSN) are also encrypted inside the database.
- Does Revolution share data stored in ProHire with third-party entities?
  We host both the database and storage on the Google Cloud Platform.
- How long does ProHire keep personal data and what happens to someone's personal data at the end of a show?
  For audit purposes, data needs to be kept at least 7 years. At the end of a production, personal data remains online.
About Our Data Security
Automatic backups
SetKeeper databases are automatically backed up in real time and stored in a secure and remote data center not directly linked with our production servers to ensure redundancy of your data. Our server architecture is redundant, meaning even if one server fails, the system stays active and accessible. We maintain more than 99% uptime, which guarantees you service continuity and quality assurance.
Disaster recovery
Our system is designed to re-deploy automatically and identically in case of failure. Our database is designed to automatically restore from our real-time backup at any time using a secured channel.
Incident management
We report any incident that happens on our platform by informing all impacted users via email or in-app chat if available. Our support team is trained to resolve any incident and is available 7 days a week by email and phone.
We’re hosted on Amazon Web Services and Google Cloud Platform
SetKeeper uses Amazon Web Services (AWS) to store and process data. We also use Google Cloud Platform to host our web application and website. To ensure compliance with industry best practices, Amazon and Google's data centers are accredited to conform to these industry standards:
- ISO 27001
- SOC 1 and SOC 2
- PCI Level 1
We keep our systems up-to-date
Our systems are configured to automatically apply security patches as soon as they are available. We use compliance best practices to manage vulnerabilities and track our dependencies for known CVEs. We closely monitor security mailing lists to be aware of the latest threats. To further limit potential risks, we configure our services with tight firewall rules.
We test our system on a recurring basis
We work closely with our customers and third-party security companies to perform thorough penetration tests on a recurring basis. Our code is scanned for known CVEs in the dependencies we're using. Our infrastructure is scanned for misconfigurations using AWS Config and scanned every week for known vulnerabilities with Detectify.
We encrypt your data
SetKeeper encrypts data at rest using AES-256. All connections from your browser to SetKeeper enforce TLS encryption. We only store passwords as salted hashes, not plain passwords.
We back up your data
All data, database and documents are backed up in real time. Our backups are in a different availability zone than live data.
We log all activity
Any connection to our systems is logged. These logs are centralized with Datadog and stored in an encrypted AWS S3 bucket. This bucket is configured to make sure logs cannot be tampered with or deleted.
We respond promptly to incidents
We monitor external services and open source libraries for security issues. We use automated tools to continuously scan for service interruptions, performance degradation, and security vulnerabilities and alert our engineers as incidents are detected. You can track SetKeeper's status in real time here: https://status.setkeeper.com
We test all releases
To ensure system availability and provide the best experience, we review and test all updates to SetKeeper. For each change, we perform unit and end-to-end tests on our continuous integration server. Our quality assurance team evaluates and manually tests functions expected to be impacted by a change to ensure they're not negatively impacted by a regression.
After we release a change, we continue to monitor and log exceptions and schedule them for resolution. We use several monitoring services to monitor any impact to performance from changes.
We ensure our employees will help keep your data secure
We conduct pre-employment checks on new SetKeeper employees and require that they sign a confidentiality agreement. During onboarding and on a recurring basis (once a year) thereafter, we train employees on company policies, security, privacy, and compliance to ensure they all know how to properly protect your data and react to security threats. We ensure that each device follows our information security standards by encrypting our employees' hard drives and installing anti-malware software.