Last Modified: April 13, 2018

Nothing is more important to us than protecting the privacy of your data. That is why we invest heavily in our security, privacy, and compliance practices and policies.

Audits, Testing and Certifications

Bonusly regularly performs audits and maintains a number of certifications to further strengthen our trust with customers and protect their data. These include:


Bonusly is certified under both EU/US and Swiss/US PrivacyShield. Details are in the “PrivacyShield” section of our Privacy Policy.


The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data. It will come into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.

The full text of the GDPR can be found here and a glossary of all the legal terms you'll need to know can be found here.

As we approach May 2018, Bonusly is focused on GDPR compliance efforts. During this implementation period for the Regulation, we are evaluating new requirements and restrictions imposed by the GDPR and will take any action necessary to ensure that we handle customer data in compliance with applicable law by the 2018 deadline. We’ll be updating this page and sharing content over the coming months so don’t be a stranger to this page!

Penetration and Whitebox Testing

Bonusly hires best-in-class providers to conduct both black-box and white-box penetration/security testing on an annual basis.

Bonusly Security Features

Bonusly has a number of basic and advanced features that help you keep your account secure.

Bonusly provides many security features on all accounts, including:

  • Encryption of all data in transit via TLS/SSL
  • Encryption of all data at rest
  • Role-based access for users
  • Single sign-on (SSO) integrated with your organization’s SAML Identity Provider

More Information

If you have any questions about privacy, security, or compliance, contact us at