Security, privacy, and compliance basics
How Reveddy approaches customer data, embed domain controls, incentivized disclosure, and practical steps for GDPR-minded teams.
Reveddy stores customer-submitted content and contact information needed to operate testimonial programs. Treat the dashboard like any other system of record containing PII: enforce strong passwords or SSO where available, revoke seats when employees leave, and limit API keys to production services that follow your secure SDLC.
Embed domain allowlisting reduces the risk of your approved quotes appearing on untrusted sites and helps prevent abuse of your public widget endpoints. Rotate API keys on a schedule, or immediately if you suspect a leak.
Incentivized testimonials carry legal and marketplace obligations. Use on-page disclosure where the product supports it, align copy with counsel, and avoid conditioning rewards on positive-only reviews—Reveddy is a tool, but your policies remain your responsibility. Similar care applies to external review prompts: follow Google and other platforms’ policies about solicitation.
For GDPR-style rights requests, your organization is typically the controller; maintain internal runbooks for exporting or deleting a customer’s testimonial when required. Reveddy’s privacy policy and terms on the marketing site describe vendor-side practices; link them from your own privacy notice where regulations require subprocessors to be listed.
Report suspected vulnerabilities through Reveddy's responsible disclosure channel, if one is published; do not probe production systems without authorization.