Last updated on May 05, 2024

Organizational security

Infrastructure Security

We use Heroku and Ngrok to establish secure hosting bridges between Shopify and AWS. This setup is crucial for our staging and production processes, ensuring that our platform remains robust against security threatsz

Security Measures: Both Heroku and Ngrok are selected for their commitment to security, providing features such as encrypted data transmission, secure data processing environments, and compliance with industry-standard security certifications. These measures are part of our layered security strategy to protect against data breaches and cyber threats.

Heroku and Ngrok’s Role: By integrating Heroku and Ngrok into our platform, we enhance our ability to securely manage and scale our product development. These services enable us to maintain high-security standards for our data hosting and processing activities, ensuring that our user data is protected throughout our infrastructure.

Cloud Security

Secure Cloud Infrastructure

Reviews Junction leverages Amazon Web Services (AWS) for hosting all of our services. AWS maintains a comprehensive security program, including numerous certifications, to ensure the highest levels of security. For detailed insights into the security measures and protocols AWS implements, please visit AWS Security.

Data Hosting and Protection

Our data resides exclusively on AWS databases, all of which are situated within the United States, adhering to stringent security standards. For more specifics on the security practices, refer to the vendor documentation provided in the link above.

Data Encryption Standards

  • Encryption at Rest: We ensure that all databases storing sensitive information are encrypted at rest, safeguarding your data against unauthorized access.
  • Encryption in Transit: Communication with our applications is secured through TLS/SSL encryption, protecting data as it moves across the internet.

Proactive Security Measures

  • Vulnerability Scanning: Reviews Junction conducts regular vulnerability scans and actively monitors for any potential threats to maintain a secure environment.
  • Logging and Monitoring: Our team continuously logs and monitors cloud services to detect and respond to security incidents promptly.

Ensuring Business Continuity

  • Backup and Recovery: We utilize Mongo's backup solutions to minimize the risk of data loss from hardware failures, ensuring that our services remain available and reliable. Monitoring for Resilience: Our monitoring systems are designed to immediately alert our team to any issues, enabling swift action to prevent or minimize user impact.

Incident Management

  • Response to Security Incidents: Reviews Junction has established a comprehensive incident response protocol. This includes steps for escalation, quick mitigation of threats, and transparent communication with stakeholders.

Reviews Junction is committed to maintaining the highest standards of cloud security, ensuring that our infrastructure and your data are protected through advanced technologies and rigorous protocols.

Access Management and Security Protocols

Seamless Integration with Shopify OAuth

At Reviews Junction, ensuring secure and efficient access to our cloud infrastructure and sensitive tools is our top priority. We exclusively use Shopify OAuth for all authentication processes. This streamlined approach eliminates traditional permissions and passwords, providing a secure, efficient, and simplified access management system that is fully integrated with Shopify’s robust security framework.

Adhering to the Principle of Least Privilege

Reviews Junction is committed to best security practices, including the principle of least privilege. This means access is meticulously managed to ensure team members have only the necessary permissions to fulfill their roles, all facilitated through Shopify OAuth. This minimizes potential security risks and enhances our platform’s integrity.

Regular Access Audits

To further safeguard our systems and data, Reviews Junction conducts thorough quarterly reviews of access privileges. During these audits, we assess and adjust the access rights within our Shopify OAuth framework to ensure they remain aligned with individual roles and responsibilities, maintaining a secure and efficient operational environment.

Optimizing Security Without Traditional Passwords

Given our reliance on Shopify OAuth for authentication, the conventional password policies do not apply to the majority of our operations. This reliance on Shopify’s OAuth technology allows us to benefit from their advanced security measures, including secure token-based authentication, which significantly reduces the risks associated with password management.

Leveraging Shopify's Security Measures

By integrating with Shopify OAuth, Reviews Junction benefits from Shopify’s cutting-edge security protocols. This integration ensures that our team and our users enjoy a secure, reliable, and user-friendly experience without the complications of managing and remembering multiple passwords or undergoing additional security checks like SSO and 2FA.

Reviews Junction is dedicated to maintaining a secure, accessible, and efficient platform. Through our exclusive use of Shopify OAuth for authentication, we ensure that our infrastructure remains protected, while also providing a seamless experience for our team members and users alike.

Vendor and Risk Management

Annual Risk Assessments

Reviews Junction conducts annual risk assessments to proactively identify and address potential threats, with a particular focus on fraud prevention. These comprehensive evaluations ensure our operations remain secure and resilient.

Vendor Risk Management

Before onboarding new vendors, Reviews Junction rigorously assesses vendor risk. This evaluation process is crucial to ensuring that all vendors meet our strict security and reliability standards, safeguarding our operations and data integrity.

Contact Us

If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact