Governance
At Zinrelo, we are committed to ensure that customer data is collected, stored, and accessed securely, transparently, and in full compliance with relevant regulations. We adhere to robust governance practices to safeguard customer data and foster trust with our clients.
Key Standards to Ensure Vigilance in Securing Customer Data:
Data Collection & Storage
- Data Protection: We always ensure that all data collected and stored from customers is encrypted in transit. This prevents unauthorized access during the data collection process.
- Adhere to Legal Requirements: We ensure that data collection and storage practices comply with applicable data protection regulations like GDPR, CCPA. This includes providing customers with the right to access, correct, or delete their data.
- Define Retention Periods: We have established clear data retention policies that specify how long customer data will be kept. Data will only be retained for as long as necessary to fulfill the program's purpose.
- Data Backup and Recovery
- Secure Backups: Regularly backup customer data to secure, encrypted locations. Ensure that backup data is also protected by the same security measures as the primary data storage. We take backup every 24 Hours.
- Disaster Recovery Plan: We have a disaster recovery plan to ensure that customer data can be quickly restored in the event of a system failure, data breach, or other emergencies.
Data Access
- Access to admin: You can decide on giving full access or limited access to Admin. With Limited Access Admin, you can grant access to specific modules within the admin console. This role is perfect for team members who need to perform particular tasks without having full access to all settings. For example, you can allow an admin to manage points, view member profiles, or handle rewards redemptions without giving them the ability to make system-wide changes. Whereas, full access admin provides comprehensive access to all settings and functionalities within the Zinrelo admin console. Admins with this level of access can make any necessary changes to member profiles, including adding or deducting points, redeeming rewards, upgrading tiers, and more.
- Two-Factor Authentication (2FA): By implementing 2FA, Zinrelo enhances security by requiring additional verification factors beyond just a password. When an admin logs into their Zinrelo account, they must enter their email address and password (something they know), as well as an authentication code generated from an authenticator app (something they have). This dual authentication process adds an extra layer of security to verify the admin's identity and complete the sign-in securely. For more details, refer to the document here.
- Single Sign-On (SSO): With Single Sign-On (SSO), a centralized authentication process, customers can access multiple loyalty stores with a single set of login credentials. Instead of needing separate usernames and passwords for each application, customers have to authenticate once through a trusted identity provider (IdP) or authentication service. Once authenticated, they can seamlessly access the loyalty store without needing to re-enter their credentials. Refer to this document for more details.
- API Key Rotation: Within Zinrelo, you have the ability to create and manage multiple API keys, which can be used across different integrations. In the event of a compromised API key, customers have the flexibility to regenerate it swiftly, maintaining security without disruption. To learn more on how to create multiple API keys, refer to this document.
Data Audit
The Zinrelo system provides a detailed audit trail to track if an admin has changed the configuration of the loyalty program, manually awarded points to members, or redeemed points on their behalf. You can review the logs to monitor all activities within the admin console. To access the audit trail, go to General > Audit Trail.
Updated 3 months ago