Last revised Jan 16, 2019
Customer trust is essential. We always strive to manage your personal information with integrity and respect, and recognize that protecting your information must be our top priority. Please let us know if you have any questions after reading this, or encounter any issues.
How does Eddy protect data?
- User credentials are securely stored and are not reversible (hashed and salted).
- Eddy utilizes HTTPS for all data transfer.
- All Eddy databases are encrypted at rest.
- Eddy uses additional field-level encryption for highly sensitive data (e.g., social security numbers).
- Eddy users can control employee data access via roles & permissions.
- Eddy customer support tasks are restricted to trained personnel.
- Payment and credit card data is PCI compliant.
Where and how is the data stored?
Payment and credit card data is stored via Stripe. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Learn more at https://stripe.com/docs/security/stripe.
All other Eddy customer data is stored in highly secure AWS data centers. These centers are ISO 27001 certified. The AWS data centers and network architecture are built to meet the requirements of the most security-sensitive organizations. Eddy’s AWS instances and data are located in the USA. For more information please see Amazon white papers on security: https://aws.amazon.com/whitepapers.
Who can access the data?
You and your employees have access to your data, based on the roles and permissions you establish for each user. Each user must login to view any information. You can control who has access and what level of access is given to any employee.
Our Customer Support staff will only access your data with your permission and at your request. Only employees who are trained and authorized can access the data.
Is the data backed up?
All Eddy data is backed up at least daily.
How you can do your part
It is also important for you to guard against unauthorized access to your personal information by maintaining strong passwords and protecting against the unauthorized use of your own computer or device. You can control the safety of your password. Here are some important things to keep in mind:
- We will never ask you to disclose your password to us or anyone else, and you should not share it with anyone.
- We recommend that you change your password periodically.
- A strong password contains a mix of numbers, letters, and symbols and is only used for this account
- Always log out of Eddy when you use a computer you share with other people.