Privacy and Security FAQs

Mary Connaughton

How does sharing work?

Private companies have full control over the transparency level of their financial data, including what they share, when they share it, and where they share it. The Standard Transparency option shares the full FHR Report, which includes underlying financial statement data, as well as a suite of additional reports. The Limited Transparency option shares only the Limited Transparency report and analytics, which include the 0-100 FHR score, component scores, and general commentary. The transparency level can be changed at any time for any active share.

 

How long is the NDA effective for?

The Non-Disclosure Agreement (NDA) governs all activities a company undertakes within the FHR Exchange. Therefore, the term is for the duration of your membership. The NDA only needs to be signed once, regardless of the number of shares a company authorizes within the FHR Exchange. The NDA is a commitment by RapidRatings to maintain high information security and privacy standards.

 

What is the RapidRatings notification policy?

Communications about the FHR Exchange or the services provided by RapidRatings will be provided via email or through the FHR Exchange system. Members can change their contact information through the FHR Exchange or by contacting and notifying RapidRatings in writing.

If RapidRatings is presented with a subpoena, administrative hearing, or other legal process that involves a member’s financial information, RapidRatings will notify and provide that member with an opportunity to take appropriate action if legally permitted to do so.

 

How do RapidRatings’ privacy policies relate to each other?

RapidRatings maintains three (3) legal documents that govern our relationships with our FHR Exchange Members – the Non-Disclosure Agreement; Discloser Terms; and the Privacy Policy.

The Non-Disclosure Agreement outlines RapidRatings' commitment to maintain and protect the confidentiality and security of your financial information. RapidRatings also agrees not to disclose your FHR reports or financial information pursuant to a request by a third party without your authorization. You should also read the Discloser Terms and Privacy Policy to fully understand this NDA.

The Discloser Terms outline the terms and conditions that govern your access to the FHR Exchange and the RapidRatings services. This document covers many legal topics including governing law, warranties, limits of liability, and indemnification.

The Privacy Policy outlines RapidRatings' practices for collecting and processing personally identifiable information (PII) from our online portal or website. The PII that RapidRatings typically collects includes only business contact information: names, addresses, phone numbers, and email addresses. The Privacy Policy does not govern RapidRatings' use of financial information; all the terms regarding financial information can be found in the Discloser Terms.

 

How and where does RapidRatings store data?

RapidRatings stores data in US-based data centers hosted by Amazon Web Services. All data is encrypted at rest, is backed up daily to geographically diverse data centers, and is subject to stringent access, integrity, and security controls, consistent with our ISO27001:2013 certification.

 

What does RapidRatings do with submitted data?

Data submitted by FHR Exchange members is used to provide Financial Health Ratings and related reports. RapidRatings also uses company financial data on an aggregated, anonymous basis to support various R&D and benchmarking activities. Additionally, we may analyze data to produce insights about broad financial health trends within certain industries or regions.

 

How long does RapidRatings hold submitted data?

Once submitted, RapidRatings retains data indefinitely. Individuals may request removal of their personally identifiable information (PII) in line with their rights under GDPR (General Data Protection Regulation).

 

Does RapidRatings have any privacy and security certifications?

RapidRatings is certified to ISO27001:2013, the global standard for Information Security Management System frameworks. RapidRatings is independently audited twice per year to this standard, providing our FHR Exchange members with strong assurance of our information security capabilities. Our comprehensive information security policies are also supported by standards and controls that align to the internationally recognized information security standards NIST800-53 rev 4, NIST 800-171, and ISO27002.

RapidRatings also adopts the principles set out in the EU General Data Protection Regulation (GDPR), widely regarded as the most mature set of personal data privacy regulations. See our Privacy Policy for more detail on how we handle personal data.
