Security at Referral Rock


Our customers ask us about Referral Rock's security program on a regular basis. As a general rule, we don’t want to expose detailed information about our security program because we don’t want to provide intelligence to bad actors.

However, we realize information security is imperative and our customers need to know that we are employing a security program to protect their information. To this end, we have outlined at a high level the measures we take to protect our customers’ data.


Referral Rock is ISO/IEC 27001 and SOC II Type 2 Certified through our third-party systems, including:

Third-Party Data Protection Agreements available upon request.

Data Center Security

  • We leverage Microsoft Azure to provide infrastructure services to host our environment.
  • By using Azure, Referral Rock is able to take advantage of Azure's sophisticated security environment, logging, identity, and intrusion protection systems, and focus on our software and your data.
  • Referral Rock has multiple geo-located environments and backups ready to go live in the event of a disaster.
  • All databases are encrypted at rest and in transit.

Application Level Security

  • Referral Rock routinely scans its applications for vulnerabilities and security issues, and we promptly remediate any issues we find.
  • Referral Rock utilizes an exercised Assessment and Response Policy to monitor and respond to any risks or incidents.
  • Referral Rock encrypts all data and traffic.

Culture of Security

  • Our CEO and Tech Lead have over 30 years of combined experience in enterprise-level information security, including development for Walmart, Aflac, and the US Government.
  • We have a security policy for securing the integrity, confidentiality, and availability of customer data, and protecting customer data against any unauthorized or unlawful acquisition, access, use, disclosure, or destruction.
  • All of our employees with access to confidential information or customer data are required to read and acknowledge our security and acceptable use policy.
  • We conduct annual security awareness training and quarterly threat briefings to ensure our team is aware of the latest attack trends.
  • We limit access to the production database and servers to a few select senior staff.
  • Our security team is involved throughout our development and operations processes and cycles to ensure we incorporate security best practices into the product and environment.


We want to ensure we’re protecting your customer data. If we see accounts with signs of suspicious activity, we take immediate action. If you have any questions, please email us at

Investing in Your Privacy


Referral Rock has established a comprehensive liability insurance program that works in conjunction with our security program. This program has been designed to provide coverage for a wide variety of business, technology and security issues.

Referral Rock only works with highly reputable and highly rated insurance carriers.

 Last updated: March 18, 2021