Secure and Reliable Infrastructure
All your data is stored using Amazon Web Services (AWS), one of the world’s leading cloud-based services. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 1, SOC 2, and SOC 3 certified (see Amazon whitepaper on security). The data is stored in Ireland and Germany, allowing you to meet European regulations as no data is transferred outside the EU.
Encryption
Data is encrypted in-transit using bank-grade TLS 1.2 (Transport Layer Security) specifically HTTPS.All databases and database backups are encrypted using 256-bit encryption.All passwords are never stored in clear text and are always hashed and salted.
Back up data
Our data centers backup your data at least once a day. In case of an unlikely event of a problem your data is fully restorable within a reasonable time. However, we recommend backing up your data on a periodic basis since we are not a backup service. We offer such ability through our scheduled reports.
Software Development
Effy is being developed under the OWASP guidelines. We are using manual and automatic security and vulnerability checks throughout the software development lifecycle.
Access to customer data is limited to authorized employees who require it for their job and data access is logged. To access the data two-factor authentication is provided.
Single Sign-on
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials. All our plans include SSO at no extra cost.
Penetration Tests
Effy conducts 3rd party pentests at least annually. In addition to regular pentesting, we also use scanning tools to monitor and detect vulnerabilities
Role based permissions
For each type of request and employee cards, it is possible to set appropriate access rights (administrator, author, participant, task executor, etc.). It also supports the ability to assign viewing and editing permissions for individual columns of each step of the process.
Data Retention
Customers can request all of their data, or have it deleted by sending an email to: support@effy.ai as long as it is not subject to a legal hold or investigation.
Once an account or project is deleted, all associated data (account settings, etc.) are removed from the system. This action is irreversible.
If you have any additional questions regarding security at Effy, please contact us at: security@effy.ai