Security

Built for trust at every layer.

Reviews are reputation infrastructure. We protect the data behind them with hardened defaults, isolated environments and controls you can audit.

Read trust report Book a demo

TLS 1.3 + AES-256 SOC 2 Type II GDPR + UK DPA 2018 99.99% uptime

Security · live signal

Uptime

99.99%

Rolling 12 months

Mean response

11m

Sev-1 incidents

Pentest cycle

Q1·Q3

Independent firm

Audit events

100%

Tamper-evident

Verified & audit-logged

99.99%

Uptime

11m

Mean response

Q1·Q3

Pentest cycle

100%

Audit events

Capabilities

Everything you need, animated into one workflow.

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest, per-tenant key isolation on enterprise plans.

Learn more

SOC 2 aligned

Access reviews, change management, vendor risk and incident response mapped to SOC 2 TSC.

Learn more

SSO & SCIM

SAML 2.0 and SCIM 2.0 for Okta, Entra ID, JumpCloud and Google Workspace.

Learn more

Tamper-evident audit log

Every moderation, reply, invite and admin action signed and queryable.

Learn more

Network isolation

Tenant-scoped storage, private VPC peering and IP allow-listing on request.

Learn more

Resilient infra

Multi-AZ Postgres, point-in-time recovery and tested failover runbooks.

Learn more

Live preview

Verification ladder you can prove.

Every review carries a signed verification tier. Buyers see the difference between an open submission and a client-confirmed engagement — and you can audit every step.

Client Confirmed

Matched against engagement records

Invitation Verified

Submitted via tokenised invite

Email Verified

Confirmed via secure email loop

Unverified

Open submission, no source proof

Defence in depth

Six layers from request to storage.

Edge

WAF, rate limits, bot heuristics and TLS 1.3 termination.

Identity

SSO, SCIM, hardware-key MFA and role-scoped sessions.

Service

Signed RPC, per-tenant secrets, ephemeral credentials.

Data

AES-256, KMS-rotated keys, PITR and immutable audit log.

Comparison

How ScoreReview compares on security posture.

Independent reviews demand independent infrastructure.

Capability	ScoreReview	Trustpilot	Google Reviews
SOC 2 Type II report
Per-tenant key isolation
SCIM 2.0 provisioning
Tamper-evident audit log
EU + UK data residency
Signed webhooks

Included on every plan

Security isn't an upsell.

Role-based access control with custom roles
Scoped API keys per environment
Webhook signature verification
Backups with point-in-time recovery
Rate limiting and abuse detection
Quarterly penetration testing summary

Security FAQ

The questions our security team gets most.

Primary regions are London (eu-west-2) and Dublin (eu-west-1). US tenants can opt into us-east-1. We do not replicate review data outside the chosen region.

Built for trust at every layer.

Everything you need, animated into one workflow.

Encryption everywhere

SOC 2 aligned

SSO & SCIM

Tamper-evident audit log

Network isolation

Resilient infra

Verification ladder you can prove.

Six layers from request to storage.

Edge

Identity

Service

Data

How ScoreReview compares on security posture.

Security isn't an upsell.

The questions our security team gets most.

Run reviews on infrastructure you can audit.