Privacy Policy

Version 2.0, Revised November 17, 2024

Review Star is a product of Twomile Heavy Industries, Inc. This privacy policy (“policy”) will help you understand how Twomile Heavy Industries (“us”, “we”, “our”) uses and protects the data you provide to us when you use the Review Star system (“platform”, “website”, “service”). This policy may be updated from time to time, and you are encouraged to review this page periodically.

Data We Collect

As a Customer of the platform (person creating a paid account for the purpose of creating forms, collecting and reviewing submissions), we collect contact and account management information including:

  • Email address
  • Business or organization name
  • Account name
  • Form organization and field data
  • Review organization and scoring data
  • Message content and send history for messages sent to Submitters and Reviewers
  • Submission organization information (tags, tag associations, selection groupings, selection assignments)
  • Automation information (auto-tag, auto-assign, and auto-notify information)
  • Modification history for submissions and forms

As a Submitter (person submitting information to a customer form – e.g., an artist, speaker, or writer) information is collected by the platform according the structure and intent of the Customer’s form, including:

  • Email address
  • Other information requested in the submission form
  • Modification history for submissions

As a Reviewer (person reviewing and scoring submissions) information is collected by the platform according to the structure and intent of the Customer’s review process, including:

  • Email address
  • Review scores
  • Review comments

For all users of the platform, we collect general visitor and use information:

  • Time and data of visit
  • IP address
  • Application forms and screens used

This visitor and use information is collected independently of the platform using our in-house, private analytics software matomo.twomile.com). Visitor and use information held independently and is not combined with Customer and Submitter data. No visitor activity is collected by any third-party systems such as Google Analytics.

Why We Collect Your Data

We are collecting your data for several reasons:

  • To provide a unique, secure login for you and access controls for your information
  • To collect Submission information on behalf of our platform Customers, for their use in review, scoring, and selection
  • To understand frequency of use patterns, potential problems, and potential improvements across our platform functions
  • To identify materials on the platform which are obscene, illegal, defamatory, threatening, infringing of intellectual property rights, invasive of privacy or injurious in any other way to third parties, and the sources of those materials

We are not collecting your data for:

  • Sale, sharing, or distribution to any third parties
  • AI training, model development, or any similar purpose

Cookie Policy

Browser cookies are required for authentication and authorization (i.e., logging in) on the platform, and are required for use by our platform Customers.

Cookies are not required for Reviewers, and they are not required to submit information on a Review Star form. If you are an artist, speaker, writer, or other Submitter you are not required to enable browser cookies to submit the form.

Cookies from Review Star are used only on the Review Star platform. They are not used for tracking behavior elsewhere on the internet.

Safeguarding and Securing User Data

All platform systems are hosted on dedicated hardware, and managed by Twomile staff and trusted contractors. No outside parties have operating system or user access to this equipment.

The physical hardware is located in a secure data center with redundant power and network connectivity, provided by Wholesale Internet (USA).

System and user data are secured using industry best practices and protocols such as HTTPS/TLS, hardened operating systems and APIs, network firewalls, strong encryption, and nightly backups, with multi-location redundancy.

We are committed to securing your data and keeping it confidential. We actively work to prevent data theft, unauthorized access, and disclosure by regularly engaging cybersecurity professionals for penetration testing and security consultation.

Third-Party Data Access

All platform data processing and storage is handled by Twomile Heavy Industries, Inc. with the following exceptions:

  • Image and file storage using Amazon S3 (USA)
  • Platform email delivery (e.g., system notifications, submission confirmations) using SendGrid (USA)

The data storage, processing, and security of these vendors is managed according to their respective privacy policies and service agreements.

Policy Compliance

Broadly speaking, we aim to meet or exceed the privacy, security, and data collection standards described in globally-recognized policies such as Europe’s General Data Protection Regulations (GDPR) and California’s Consumer Privacy Act (CCPA).

If you find an instance where you think the Review Star platform should be improved to better align with GDPR and CCPA standards, please contact us so that we may work toward a solution.

GDPR – General Data Protection Regulation (EU)

We are a US-based company, and the following statements describe our alignment with the GDPR checklist for US companies:

  • The data controller for all Review Star platform data is Twomile Heavy Industries Inc.
  • We audit personal data for all, including EU, customers. This process is ongoing and personal data are routinely reviewed for relevance and currency. Personal data is removed on request, or when a customer becomes inactive, whichever happens first.
  • This Privacy Policy and our Terms of Service provide concise, plain language descriptions of why personal data are collected and how they are used. Use of the Review Star platform constitutes agreement to the terms of service, thereby meeting the requirement to inform customers about the purpose of collecting data.
  • All data processing is performed by Twomile Heavy Industries using in-house systems, except as described above (see “Third-Party Data Access”). Data processing activities and vendor agreements are reviewed regularly and adjusted as required.
  • The President of Twomile Heavy Industries Inc. has responsibility and accountability for data protection and acts as the Data Protection Officer.
  • We do not currently employ a representative based in the European Union. We welcome the business growth that would support such an expansion. Until such time we take care to stay abreast of data protection law globally.
  • In the case of a data breach all customers and relevant reporting authorities required in the United States as per the conditions of Ohio and US federal law.
  • As described in this policy (see “Safeguarding and Securing User Data”), all data are collected and processed within the United States. If you are an EU organization, use of the platform may constitute a cross-border transfer of personal data to a non-EU country.

CCPA – California Consumer Privacy Act (USA)

Our policy is to meet or exceed the data protection, privacy, and security requirements identified in the CCPA.

Data Removal

Data for Customers, Reviewers, and Submitters is retained indefinitely for active Customers (i.e., Review Star Customers with one or more submission forms and an active, paid account). After a Customer account becomes inactive, all Customer, Reviewer, and Submitter data related to that account is removed after an expiration period (90 days).

If you wish to remove your Submission or Review data from an active account, you can initiate this process by contacting us with your data removal request including relevant email address(es).

If you wish to remove your Customer data (including related Submission and Review data), you can initiate this process by contacting us with your data removal request including relevant email address(es) and Customer account name.

Questions and Problem Resolution

For any questions or concerns related to data collection, security, privacy, or this policy please contact us. We will first seek to resolve any dispute related to your use of Review Star directly with you according our policies and legal obligations. If agreement cannot be reached, disputes shall be arbitrated by state or federal court in Ohio, USA. By using Review Star, you consent to the exclusive jurisdiction and venue of such courts.

###