Security program

We adhere to the highest corporate data privacy and security standards because  employees’ data protection is our highest priority.

Every aspect of data processing such as, transferring, backing up, monitoring and testing of our security procedures is designed to meet industry best practice and are also legally compliant.

EU GDPR Compliant

Our practices are based on the legal framework of the European General Data Protection Regulation (EU GDPR). Companies in the European Union, or that employ people from the EU, can be assured that Effy processes their employees' personal information in accordance with legal regulations.


Application security

Secure and Reliable Infrastructure

All your data is stored using Amazon Web Services (AWS), one of the world’s leading cloud-based services. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified (see Amazon whitepaper on security). The data is stored in Ireland and Germany, allowing you to meet European regulations as no data is transferred outside the EU.


Data is encrypted in-transit using bank-grade TLS 1.2 (Transport Layer Security) specifically HTTPS.All databases and database backups are encrypted using 256-bit encryption.All passwords are never stored in clear text and are always hashed and salted.

Back up data

Our data centers backup your data at least once a day. In case of an unlikely event of a problem your data is fully restorable within a reasonable time. However, we recommend backing up your data on a periodic basis since we are not a backup service. We offer such ability through our scheduled reports.

Software Development

Effy is being developed under the OWASP guidelines.  We are using manual and automatic security and vulnerability checks throughout the software development lifecycle.

Access to customer data is limited to authorized employees who require it for their job and data access is logged. To access the data two-factor authentication is provided.

Single Sign-on

Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials. All our plans include SSO at no extra cost.

Penetration Tests

Effy conducts 3rd party pentests at least annually. In addition to regular pentesting, we also use scanning tools to monitor and detect vulnerabilities

Role based permissions

For each type of request and employee cards, it is possible to set appropriate access rights (administrator, author, participant, task executor, etc.). It also supports the ability to assign viewing and editing permissions for individual columns of each step of the process.

Data Retention

Customers can request all of their data, or have it deleted by sending an email to: as long as it is not subject to a legal hold or investigation.

Once an account or project is deleted, all associated data (account settings, etc.) are removed from the system. This action is irreversible.

If you have any additional questions regarding security at Effy, please contact us at: