Compliance at ReCollect

Security

ReCollect conducts annual security audits with a third-party security auditor. This auditor is certified by the Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Auditor, certified in Risk and Information Systems Controls (CRISC), and Certified in the Governance of Enterprise IT (CGEIT). To keep customer data as safe as possible, we make use of best-in-class security tools and modern software development practices to maintain a high level of security.

All of ReCollect’s services operate exclusively over TLS (SSL) by use of HTTP Strict Transport Security (HSTS). This includes our public website, web widgets, REST APIs and admin tools.

Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a vulnerability in ReCollect’s security, please get in touch at security@recollect.net (optionally using our PGP key). We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by ReCollect.

Read more about Security at ReCollect in our blog.

Accessibility

Certified WCAG AA Badge davidberman.com 2018

ReCollect conducts annual accessibility audits with a highly regarded, CWPA-certified accessibility auditor. ReCollect’s web tools have been certified as conforming to the applicable Level A and Level AA success criteria of the W3C WCAG 2.0 Guidelines. ReCollect tools are designed for inclusion, and we believe that they should be easy to use by everyone, regardless of age or disability. Additionally, you can rest assured that providing ReCollect’s service to your residents or customers will not open you up to lawsuits under the many accessibility laws around the world.

ReCollect’s mobile apps are currently being audited, and are expected to be certified compliant during the summer of 2018.

Certified Section 508 Compliant davidberman.com 2018

ReCollect web tools have also been certified as compliant with Section 508 of the Rehabilitation Act of 1973. This is a law in the United States that requires federal agencies to meet a strict set of accessibility requirements. Many states also require compliance with Section 508, and the American Disability Act requires that all public websites be accessible to people with disabilities. Our Voluntary Product Accessibility Template® may be requested by emailing support@recollect.net.

Read more about Accessibility at ReCollect in our blog.

Privacy

ReCollect is built using the principle of Privacy by Design. We only collect the minimal amount of information required to offer our service, and personal data is removed as quickly as reasonably possible once it is no longer needed. ReCollect complies with all applicable privacy laws in jurisdictions where it operates, including the GDPR in the European Union when it goes into effect on May 25, 2018. If you have any questions about ReCollect’s privacy practices, please contact our Data Protection Officer at privacy@recollect.net.

Read more about Privacy at ReCollect in our blog.