Privacy is at the heart of EchoMark's mission: to enable the seamless flow of private information by enhancing stewardship. Stewardship at EchoMark begins with our own security and compliance posture.
Data in transit
All data transferred between the user’s browser or client app and EchoMark’s servers is encrypted in transit. EchoMark uses TLS v1.2.
Data at rest
Data is encrypted at rest in AWS using AES-256.
Data center provider
EchoMark uses Amazon Web Services (AWS) to host its production servers, databases, and supporting services.
By default, EchoMark’s hosting is multi-tenant, but EchoMark can be configured to run as a co-managed single-tenant deployment within your organization.
EchoMark uses managed databases that regularly back up data to external geographic regions. Blob data is stored redundantly across geographic regions.
EchoMark service status, maintenance updates, and incidents affecting our users are documented and available at https://echomark.statuspage.io/
Access to EchoMark’s systems is limited based on employee roles and responsibilities. The principle of least privilege is enforced.
Testing and review
All changes to our application are subject to peer review and testing before being merged.
EchoMark maintains segregated testing, development, and production environments.
EchoMark regularly employs third-party penetration testing services.
EchoMark uses third-party security tools to continuously scan our applications, systems and infrastructure for security risks and vulnerabilities.
EchoMark’s repositories are regularly scanned for security issues using static code analysis.
EchoMark uses Okta’s Auth0 to handle user authentication into the EchoMark app.
Admins in an EchoMark business or enterprise account can manage access levels for other EchoMark users in the org.
EchoMark maintains a robust set of security policies that are updated periodically to keep up with an ever-evolving security environment. Policies are shared with employees and available for review at any time.
All EchoMark employees are required to complete security training as part of onboarding.
EchoMark performs background checks for all potential candidates before hiring.
All corporate devices are equipped with agents to continually monitor security and compliance.
Secure remote access
EchoMark secures remote access to internal resources using corporate VPN.
SOC 2 Type 2 audit is in progress.