Trust Center

Updated: 12/21/2024

Welcome to Referral Rocket’s Trust Center. We are dedicated to protecting your data — including the information of your team members, customers, and affiliates. In this Trust Center, you'll find information about our security practices, how we handle privacy, and the measures we take to safeguard your data.

How Referral Rocket Works

Referral Rocket helps you manage and track referral and affiliate programs. Our service is built on a few key components:

1. Tracking Script: A JavaScript script is used to track visitors referred to your website. This script adds a cookie to their browser to identify referred traffic.

2. Customer Data Integration: We connect with different integrations, linking the tracking data to your customer records. This helps us track purchases and associate them with the correct referrer.

3. Referral Commission Calculation: With this data, we can calculate commissions for affiliates based on referred purchases, ensuring proper tracking and payment.

4. Reward Issuance: We allow you send manage rewards on our platform. You can send gift cards, coupons, or simply manage rewards manually via our system.

Our Responsibility to Your Data

At Referral Rocket, we recognize the importance of the data we collect, store, and process on your behalf. We handle data in two key roles: as a data controller and as a data processor, depending on the context.

1. Data Controller: When we store user data about you, the customer — such as your name, email address, and account details — we act as a data controller. As a data controller, we are responsible for responding to data access requests or deletion requests, ensuring that your personal data is handled appropriately.

2. Data Processor: When we handle user data about your customers or affiliates — such as their names, email addresses, and transaction details — we act as a data processor. In this role, we process data on your behalf, based on your instructions. We cannot respond to data access or deletion requests from your customers or affiliates directly; instead, we will refer them back to you, the program manager, for action.

How We Handle Your Data

As both a data controller and processor, we adhere to best practices in data protection, in line with industry standards like the GDPR, CCPA, and other privacy regulations. Our commitment includes:

• Contractual Assurances: We provide clear, legally binding agreements on how we handle your data.

• Data Protection Measures: We implement technical and organizational measures (TOMs) to safeguard your data, which include encryption, secure storage, and access control policies.

---

Legal Agreements

When using Referral Rocket, you may agree to the following legal agreements depending on your context:

• Data Processing Agreement (Not by default, Available on request)

• Privacy Policy

• Terms of Service

• Security

These agreements outline how we handle your data, as well as your rights and responsibilities regarding privacy and security.

Technical and Organizational Measures

Referral Rocket takes several steps to protect your data through both technical and organizational measures. Some of these measures are:

• Technical Measures: We use industry-standard encryption (SSL) to secure data during transmission. Sensitive information, such as API keys or transaction details, is encrypted at rest.

• Organizational Measures: We maintain internal policies to protect data, including access control procedures, employee training on data privacy, and periodic security audits.

It’s important to note:

• Referral Rocket is a remote-first company with no physical offices.

• We rely on cloud-based infrastructure providers, ensuring limited physical exposure.

Our application is hosted on Amazon Web Services (AWS) and Digital Ocean, one of the leading cloud service providers, which adheres to strict security and compliance standards, including:

• SOC 1, SOC 2, SOC 3

• PCI DSS Level 1

• ISO 27001, ISO 27017, ISO 27018

• FedRAMP, FISMA, DIACAP

For more information on AWS security and compliance practices, please refer to their security documentation.

View Digital Ocean Trust Certificates here.

Sub-Processors

As a cloud software provider Referral Rocket uses a variety of cloud services to deliver our service to our customers. If any of these services are used to collect, process or store our customers’ data we will only work with vendors who provide us with a Data Processing Agreement, and that the vendor handles data in accordance with the GDPR and equivalent legislation.

‍List of subprocessors

Data Protection Inquiries

For any inquiries around data protection, to request a signed Data Processing Agreement, or any questions about how we handle data protection, please email support@referralrocket.io