Frequently Asked Question
Please reach out for any additional questions
General question and answers about service
The answer is most likely, yes. One thing you can do is to ensure there are questions on employee recognition in your organization’s employee surveys. The results can be used to prove the need for greater employee recognition.
Surveys conducted by Sirota Consulting revealed that only 51% of workers were satisfied with the recognition they received after a job well done. This figure is as conclusive as you could get – it resulted from interviewing 2.5 million employees in 237 private, public and not-for-profit organizations in 89 countries around the world over 10 years.
This is by no means a comprehensive or complete list but these are just a few:
This is a tougher one to answer. We'd rather approach this question from a different angle.
Even if you aren’t a manager, you can be alert for opportunities to recognize others and take the initiative to do something. You can nudge your manager to do more of it and to encourage it in other departments.
The best formula for recognizing an individual for their efforts is:
Question and answers about pricing
We do this to make the set-up process as seamless as possible. It's much easier to get the hard stuff out of the way in advance rather than gathering it in bits and pieces along the way (according to customers). Don't worry, we'll never charge you for anything unless you've turned on a premium feature or exceeded the free number of seats, which is 10 team members. The nice part is that should you ever want to engage with a premium feature or add an 11th member, your account is already ready to go.
It's free for 1-10 team members.
It's $3/mo/seat for teams greater than 10 and not exceeding 100.
For enterprise clients, it's typically handled through some negotiation and depends on the features you would like to activate.
Yes. Gift cards are covered by the employer or team lead/owner. Gift cards have a 1:1 dollar value. It's up to you to set a budget of carrots which can be handled in the Admin section.
We recommend exchange rates of 10:1, 20:1, and up to 100:1 with a monthly budget range of $5 to $20. Every company does it differently. Some companies exclusively use Culture Rewards (custom rewards) only which can be set up in admin as well here, Culture Rewards.
Question and answers about accounts
Yes. We have an activity dash in our admin section here, Activity Report. In the activity report, you can filter by send name, receiver name, carrots given, and post status.
What are the status types and what do they mean?
We have an invite section in admin here, Invite Table. To invite to members, you have three options:
Protecting customer data is a top priority at CarrotHR. We understand you are trusting us with your data and we take the responsibility of securing it extremely seriously.Infrastructure
System Architecture: CarrotHR's architecture is designed to be secure and reliable. We use an n-tier architecture with firewalls between each tier and additionally within certain tiers between services. Services are accessible only by other services that require access. Access keys are rotated regularly and stored separately from our code and data.
Failout and Disaster Recovery: CarrotHR is built with fault tolerance capability. Each of our services is fully redundant with replication and failover. Services are distributed across multiple AWS availability zones. These zones are hosted in physically separate data centers, protecting services against single data center failures.
Data Centers: Our application is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:
SOC 1 and SOC 2/SSAE 16/ISAE
3402 (Previously SAS 70 - Type II)
PCI Level 1
We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.
Vulnerability Scans & Pentesting: CarrotHR uses security tools to continuously scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported.
The system regularly undergoes third-party security reviews and penetration testing to identify potential vulnerabilities and ensure that they are addressed.
Firewall: Our servers are protected by firewalls and not directly exposed to the Internet.
Data Data Storage: CarrotHR data stores are accessible only by servers that require access. Access keys are stored separately from our source code repository and only available to the systems that require them. Additionally, production environments are sandboxed from testing environments.
Backups: We maintain secure encrypted backups of important data for one year. We do not retroactively remove deleted data from backups as we may need to restore it, if removed accidentally. Backup data is fully expunged after one year.
Logs: We aggregate logs to secure encrypted storage. All sensitive information (including passwords, API keys, and security questions) is filtered from our server logs. Log data is fully expunged after one year.Authentication & Passwords
We never store passwords in a form that can be retrieved. Instead, we store an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.
Monitoring: We monitor and rate limit authentication attempts on all accounts. Our system automatically blacklists any IP addresses responsible for suspicious authentication activity.
User roles: We provide multiple user roles with different permissions levels within the product. Roles vary from account admins to users.Encryption
HTTPS: All CarrotHR web traffic is served over HTTPS. We force HTTPS for all web resources, including our REST API, web app and public website. We also use HSTS to ensure that browsers communicate with our services using HTTPS exclusively. Additionally, we use only strong cipher suites.
Encryption: Our primary databases, including backups are fully encrypted at rest. In addition, all archives and logs are fully encrypted at rest. We use industry standard encryption algorithms.Policies
CarrotHR has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with employees.
Incident Response: CarrotHR has a defined protocol for responding to security events.
Security Training: All employees complete security training when they join and are continually refreshed.Confidentiality
All employees have signed confidentiality agreements with CarrotHR.PCI compliance
All credit card payments paid to CarrotHR go through our payment processing partner, Stripe. Details about their security posture and PCI compliance can be found at Stripe’s Security page.Disclosure
If you have any concerns or discover a security issue, please email us at firstname.lastname@example.org and we will quickly investigate. We request that you do not publicly disclose any issue you discovered until after we have addressed it.
Question and answers about 3rd party integrations
Go to Admin > Settings > Integrations or just go straight here, Integrations.
Once you're on the integrations page, proceed by clicking "Add to Slack" button to begin connecting to your companies workspace.
Follow the next step and feel free to adjust the channel name from #givecarrots, but we recommend keeping it for clarity and slack sanity. Finish the setup by clicking "Finish Installation" and accepting our permissions.We in no way abuse our Slack privileges and never use it to read your content on Slack.
If you have any requests for integrations, please do not hesitate to reach out to our customer support through intercom in the lower right on CarrotHR.com or email us at email@example.com.