At Echo we employ industry-accepted best practices and frameworks to keep your data safe.
Echo is currently hosted at AWS and we utilize a range of available tools to ensure security of our private cloud. Regular security scans are performed using automated tools to ensure limited access and appropriate configuration. We utilize multiple environments to develop and test our code ensuring multi-stage verification before production code is deployed.
External platforms used by our team are selected based on their security posture and multi-factor authentication is always enabled where possible.
Echo follows "airtight" approach to our instances — once launched, our instances do not allow any outside access other than required to perform their functions to ensure maximum security.
All data is encrypted both in transit and at rest. Where available, we utilize built-in secure storage capabilities in addition to encrypting your data with keys unique to your workspace.
Data related to every workspace is logically separated from other workspaces and encrypted using different encryption keys. Workspace data is backed up regularly and such backups are retained for 7 days. By design, Echo offers archiving vs removal capabilities (for example, messages are never removed and can always be restored.) but we offer both policy and security customization options to suit your needs.
We routinely update our database engines as security updates become available.
Our team does not have access to any messages or other data related to your workspace. Your data is only accessed by the code at runtime and access to the code is strictly controlled as described further in the "Secure Development Practices" section. Limited information about your workspace (such as size, age, title, etc) and its members (such as name, email) is available to our support personnel.
Team Echo has extensive experience in enterprise security and handling of sensitive data. We follow industry standards in developing our software with security in mind.
We are currently exploring our options around potential audits and certifications. Please reach out to us at firstname.lastname@example.org if your organization requires particular vendor certification.
We designed our infrastructure, data handling, and privacy policies to accommodate most common scenarios and requirements. Our architecture also allows for customizations of policies if required by your organization. Please keep in mind that such customizations can only narrow down (as in be more strict) than our general approach.
In addition to internal security testing and audit our Vulnerability Disclosure Program invites public testing and disclosure of security flaws.
If you have any questions about our security practices, please contact us at email@example.com.