Security program

We adhere to the highest corporate data privacy and security standards because employees’ data protection is our highest priority.

Every aspect of data processing, such as transferring, backing up, monitoring and testing of our security procedures, is designed to meet industry best practice and is also legally compliant.

EU GDPR Compliant

Our practices are based on the legal framework of the European General Data Protection Regulation (EU GDPR). Companies in the European Union, or that employ people from the EU, can be assured that Effy processes their employees' personal information in accordance with legal regulations.

Legal

Application security

Secure and Reliable Infrastructure

All your data is stored using Amazon Web Services (AWS), one of the world’s leading cloud-based services. AWS data centers are monitored by 24×7 security, biometric scanning and video surveillance, and are SOC 1, SOC 2, and SOC 3 certified (see the Amazon whitepaper on security). The data is stored in Ireland and Germany, allowing you to meet European regulations as no data is transferred outside the EU.

Encryption

Data is encrypted in transit using bank-grade TLS 1.2 (Transport Layer Security), specifically HTTPS. All databases and database backups are encrypted using 256-bit encryption. Passwords are never stored in clear text and are always hashed and salted.

Back up data

Our data centers back up your data at least once a day. In the unlikely event of a problem, your data is fully restorable within a reasonable time. However, we recommend backing up your data on a periodic basis since we are not a backup service. We offer this ability through our scheduled reports.

Software Development

Effy is developed under the OWASP guidelines. We use manual and automatic security and vulnerability checks throughout the software development lifecycle.

Access to customer data is limited to authorized employees who require it for their job, and data access is logged. To access the data, two-factor authentication is provided.

Single Sign-on

Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials. All our plans include SSO at no extra cost.

Penetration Tests

Effy conducts third-party pentests at least annually. In addition to regular pentesting, we also use scanning tools to monitor and detect vulnerabilities.

Role based permissions

For each type of request and employee card, it is possible to set appropriate access rights (administrator, author, participant, task executor, etc.). Viewing and editing permissions can also be assigned for individual columns of each step of the process.

Data Retention

Customers can request all of their data, or have it deleted, by sending an email to support@effy.ai, as long as it is not subject to a legal hold or investigation.

Once an account or project is deleted, all associated data (account settings, etc.) are removed from the system. This action is irreversible.

If you have any additional questions regarding security at Effy, please contact us at: security@effy.ai