Security & Compliance

At Raffle, we ensure your data is secure and private, allowing you to rest assured.
GDPR
HIPAA
SOC 2
We employ a variety of security techniques, depending on the product you are interested in, to give you the security and data protection required by law, and beyond.
Raffle for:   Public data                                  Private data
Security      Public data (N/A)                            SOC 2 or equivalent
Data          No processing on behalf of our customers     Processing on behalf of our customers
Privacy       -                                            Included in the DPA above
Terms         -                                            -

Security

SOC 2

At Raffle, we take security and transparency seriously. We apply multiple security measures to protect both our platform and those who use it.
To demonstrate our commitment to strong security, availability and privacy, we completed our SOC 2 Type 2 audit in January 2024, which is your assurance that Raffle continuously upholds the highest standards in these areas. We take security very seriously and show this through our certifications.

Infrastructure

Our products run on a dedicated network which is locked down and carefully monitored. We work with industry-leading partners (FRSecure and Drata) and risk response teams to ensure that we continuously and effectively monitor, manage and evaluate risks.
Any questions or comments relating to Raffle security can be submitted to security@raffle.ai.

Data Protection

Raffle stays on top of new regulations and laws so you do not have to, ensuring compliance at all levels and across different countries.

European Union General Data Protection Regulation (GDPR)

Since May 25th, 2018, the GDPR has tightened the regulation of how European citizens' data may be used, increasing the privacy and security of personal information. Raffle was founded in mid-2018, which is why Raffle has been fully compliant with the GDPR, among other standard privacy regulations, from the very beginning and has never compromised. Raffle will safely guide you through what is needed. When relevant to the services Raffle provides, we enter into a Data Processing Agreement (DPA, to protect both parties) drawn up by the leading European law firm Kromann Reumert (winner of the Europe's best law firm award three years in a row).

US HIPAA legislation

The United States Health Insurance Portability and Accountability Act of 1996 protects sensitive patient healthcare information from being disclosed without the approval or knowledge of the patient. Since Raffle was founded in mid-2018 we have been dedicated to security and compliance without compromise. We are committed to being transparent and to protecting our customers if there is any health data in the sources that Raffle searches.

Location of Data

For our customers in the EU the location of our Azure Data Center is West Europe (Netherlands) and data will never leave the EU. In a disaster recovery situation, our systems are guaranteed to be started up in another EU-based data center. Furthermore, we have Customer Lockbox enabled on our Azure subscription, which ensures that Microsoft cannot access content to do service operations without our explicit approval.

For our customers in the US the location of our Azure Data Center is in the US (New York). In a disaster recovery situation, our systems will be started up in the US or in an EU-based data center. Furthermore, we have Customer Lockbox enabled on our Azure subscription, which ensures that Microsoft cannot access content to do service operations without our explicit approval.

Access Management

With data security comes data access, and such access can be managed in the Raffle back end by authorized users in your company. Access management lets you control who sees what data in Raffle-generated search results, so different people will see different answers and/or linked data sources (e.g. documents within an intranet) according to their security/permission profiles, even when their search queries are identically phrased. This security feature is highly relevant for Workplace Search.

Does Raffle for Public Data need a DPA?

The intention with Raffle Search and Chat on the website is to give answers to questions that would normally be typed into a search on the website. In other words, it is not the intention, and we would not ask, for users to enter personal information on the website.
However, if your users do so anyway, Raffle will anonymise it, as Raffle does not need or want to store any personal information that users may key in. All numbers and names are anonymised automatically. As this anonymisation is carried out on behalf of us (Raffle) and not on behalf of you (the customer), we are not processing your data but are instead the controller of the data we anonymise.
Raffle does not use or store the IP addresses of your website users when they use Raffle Search or Chat. Therefore, we do not know the users, nor can we trace anything back to an individual user. As Raffle is not a marketing tool, Raffle has no need for this information.
If you have employee information on your website, your employees must have specifically approved having their personal information on the website, as this content is now regarded as public for search engines such as Google, Yahoo, Bing and Raffle to index.
Therefore we do not need a DPA when it comes to website search.

Generally on data

Data storage

Customer data is stored in a PostgreSQL database in the Azure Cloud. It includes scraped content from customer documents (not in their original form, but broken into smaller sections) and anonymized search queries.
All data is encrypted at rest with AES-256 and protected with TLS while in transit on the wire.

Data in transit

To protect data in transit between our app and our servers, raffle.ai supports the latest recommended secure cipher suites to encrypt all traffic in transit, including the use of TLS 1.2, AES-256 encryption and SHA-2 signatures, whenever the client supports them.
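As an added illustration (not Raffle's own code), the following Python audits a list of offered cipher-suite names against the transport policy stated above (TLS 1.2 minimum, AES-256, SHA-2) and builds a client SSLContext that enforces it. The sample suite names are constructed; the regexes and the chosen ECDHE suites are this example's assumptions, not a statement of raffle.ai's actual configuration.

```python
"""Added example (not Raffle's code): audit TLS cipher suites against the policy
above: TLS 1.2 minimum, AES-256 bulk cipher, SHA-2 digest. Suite names use the
OpenSSL convention that Python's ssl module reports."""
import re
import ssl

# AES-256 appears as "AES256" (TLS 1.2 names) or "AES_256" (TLS 1.3 names).
AES256_RE = re.compile(r"AES[_-]?256")
# The digest is the last component of the suite name: SHA256 or SHA384.
SHA2_RE = re.compile(r"SHA(256|384)$")
# Primitives that disqualify a suite regardless of the rest of the name.
WEAK_RE = re.compile(r"RC4|DES-CBC|NULL|EXPORT|MD5|ADH|AECDH")


def suite_meets_policy(name: str) -> bool:
    """True when the suite uses AES-256 with a SHA-2 digest and no weak primitive."""
    if WEAK_RE.search(name):
        return False
    return bool(AES256_RE.search(name) and SHA2_RE.search(name))


def audit_suites(names):
    """Split offered suite names into (compliant, rejected) lists, order kept."""
    compliant = [n for n in names if suite_meets_policy(n)]
    rejected = [n for n in names if not suite_meets_policy(n)]
    return compliant, rejected


def build_policy_context() -> ssl.SSLContext:
    """Client context that refuses anything below TLS 1.2 and, for TLS 1.2,
    offers only forward-secret AES-256-GCM suites with a SHA-384 PRF (assumed list)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384")
    return ctx


def tls12_suite_names(ctx: ssl.SSLContext):
    """TLS 1.2 suites the context will offer (TLS 1.3 suites are fixed by OpenSSL)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] == "TLSv1.2"]


# Constructed sample: suites a scanner might report a server as offering.
SAMPLE_OFFERED = [
    "ECDHE-RSA-AES256-GCM-SHA384",  # compliant TLS 1.2 suite
    "TLS_AES_256_GCM_SHA384",       # compliant TLS 1.3 suite
    "ECDHE-RSA-AES128-GCM-SHA256",  # AES-128, below the AES-256 requirement
    "AES256-SHA",                   # SHA-1 MAC, not SHA-2
    "ECDHE-RSA-DES-CBC3-SHA",       # 3DES, weak cipher
]
```

Running `audit_suites(SAMPLE_OFFERED)` separates the two compliant suites from the three that fall short of the stated policy, and `tls12_suite_names(build_policy_context())` shows which TLS 1.2 suites the hardened context would actually offer.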

Data at rest

Data at rest in raffle.ai’s production network is encrypted using the industry-standard 256-bit Advanced Encryption Standard (AES-256). This applies to all types of data at rest within raffle.ai’s systems: relational databases, file stores, database backups, etc.

Development practices

At Raffle, we follow a set of development practices to ensure that our systems are running at all times and functioning according to our commitments:
  • All code changes are thoroughly tested and reviewed according to our change processes.
  • All code changes are tested in a staging environment before being deployed to production.
  • We perform weekly vulnerability scans against our main endpoints to detect weaknesses.
  • We conduct periodic third-party manual penetration tests of our web applications.
  • We use several tools and services to automatically monitor uptime and service availability. Key employees receive automatic notifications in the case of downtime or emergencies.
  • We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues.

Risk Assessment Process

Raffle has established an organization-wide risk assessment process to identify and manage information security risks across the organization. Raffle regularly reviews the risks that may threaten the achievement of its service commitments and system requirements related to security.
Raffle’s risk assessment process takes into account a number of factors, each of which contributes to both the likelihood and the potential impact of a given risk. These include:
  • Business processes: the criticality of potentially impacted business processes as laid out in the Business Continuity and Disaster Recovery Policy.
  • Data protection: whether a risk could potentially impact the confidentiality, availability, integrity or privacy of customer data.
  • Raffle's objectives: the ability of the risk to impact Raffle’s business objectives.
  • Raffle's customers: the potential impact on Raffle’s customers or vendors.
  • Money: the potential monetary loss.

Security Policies

Raffle has adopted the following Security Policies (maintained and reviewed yearly):
  • Acceptable Use Policy
  • Asset Management Policy
  • Backup Policy
  • Business Continuity Plan
  • Code of Conduct
  • Data Classification Policy
  • Data Deletion Policy
  • Data Protection Policy
  • Disaster Recovery Plan
  • Encryption Policy
  • Incident Response Plan
  • Information Security Policy
  • Password Policy
  • Physical Security Policy
  • Responsible Disclosure Policy
  • Risk Assessment Policy
  • Software Development Life Cycle Policy
  • System Access Control Policy
  • Vendor Management Policy
  • Vulnerability Management Policy