Ecanvasser is robust and secure; the security and performance of Ecanvasser is our number one priority. At Ecanvasser, we do our utmost to keep your data safe and secure.

Data hosting and services

Ecanvasser's services and data are hosted in Amazon Web Services (AWS) facilities.

For non-EU customers, your data is hosted on in North California, USA (AWS region us-west-1).

For EU customers, your data is hosted in Ireland (AWS region eu-west-1).

We have taken full advantage of the extensive and rigorous security options available on AWS to give you confidence that the highest standards and best practices are maintained.

EU customer registration data processed by Ecanvasser may be transferred to the AWS us-west-1 region. Please note that this relates to user registration data only. Amazon Web Services participates in the EU–US and Swiss–US Data Privacy Frameworks regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively, and this forms part of our data processing agreement with Amazon. Further details regarding the EU–US Data Privacy Framework can be found here.

In addition, safeguards for transfers to Third Countries are in place under Module Four: EU Commission-approved Processor-to-Controller Standard Contractual Clauses (SCCs), pursuant to clause 10 of the DPA.

Data backup

Our database includes a 30-day point-in-time restore function.

The web application itself is on a nightly scheduled backup.

Application up-time

Amazon Web Services guarantees us 99.9% uptime.

SSL & Encryption

Ecanvasser forces HTTPS for all services using TLS (SSL) to our application using 256-bit encryption. All data access is protected by a role-based access-control mechanism, which only lets customers view data for which they have permission.
Customers can’t view data from accounts other than their own.

Access Controls

Only authorised employees have access to our production infrastructure, and passwords are strictly regulated.

We limit access to customer data to a select few employees who need it to provide support and troubleshooting on our customers’ behalf.

Accessing data centre information as well as customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.

Credit Card Security

We do not store any credit card information. We store a random identifier to associate a customer with our payment provider Stripe.com.

Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1.

This is the most stringent level of certification available in the payments industry.

Data Retention & Deletion

As per our retention policy for personal data processed in relation to the services provided, the data retention periods are:

For the duration of the contract (accepted subscription agreement) and for a period of thirty (30) days post termination

At any time, Customers (who are collectors and controllers of the personal data) can delete any personal data utilizing the delete function that is available within the Ecanvasser platform prior.

We also provide customers with a personal data anonymization tool that allows you to safely anonymize data collected while retaining the analytical results of interactions performed.

Visit the Privacy Dashboard to learn more about the Anonymization tool.

Maintenance and Updates

Ecanvasser is regularly updated with improvements and minor fixes, typically on a weekly basis.

Larger feature releases and updates are done on a 4 to 6-week release cycle.

Compliance & Policies

Our technology and processes adhere to the strictest legal privacy requirements, and we regularly revise our policies and agreements to ensure we have continued compliance with the latest data protection regulations:

We use sub-processors to provide our services.

We may use third-party data processors, also known as a "Sub-processor", to deliver our Services to our Customers.

Below is important information about the identity and role of each Sub-processor:

Name of Sub-processor	Processing Activities & Location	Personal Data
Amazon Web Services, Inc	Provides the infrastructure for compute, storage, networking, databases, and other cloud services. Location: AWS operates multiple regions and availability zones globally. Ecanvasser chooses which region each customer's account is hosted on. For non-EEA customers, your data is hosted in Northern California, USA (AWS region us-west-1). For EEA customers, your data is hosted in Ireland (AWS region eu-west-1).	Any personal data as described in the DPA
Auth0	Auth0 stores and processes user profile data (user attributes, metadata) for authentication and access management. It only retains information necessary for identity management purposes. Location: Ecanvasser selects their tenant region. For EU/UK tenants, this is typically AWS EU (with primary availability in Frankfurt and failover in Dublin). Data stays within the chosen region, with minimal exceptions (e.g., aggregate telemetry for metrics and billing)	End-User email address
Authy	Authy is a multi-factor authentication (MFA/2FA) service, including processing of end-user identifiers, delivery of authentication tokens, storage of encrypted authentication secrets for backup and sync, and associated metadata for service operation, fraud prevention, and compliance. Location: Authy stores user data in data centres located in the United States, with backups potentially maintained in other regions to ensure redundancy and reliability	End-User email address
CallHub	Ecanvasser syncs segmented contacts to CallHub and pulls back call/SMS interaction data in real time—supporting multichannel outreach tracking. NB - Sub-processing is only initiated on instruction from the Customer. Location: US by default, however, it is possible for Customer's CallHub accounts to be located within the EEA. Please get in touch with CallHub to confirm the location of your CallHub account.	Selected Contact records and Interaction records are synced between Ecanvasser and CallHub (customer-determined integration)
Google API	Addresses (residential or business) are geocoded using the Google API and plotted on a map with the Ecanvasser platform. Location: Global	Premise address
Mailchimp	Syncs contacts (and associated consent information) from Ecanvasser to Mailchimp for targeted email campaigns; includes one-way sync and automatic list updating. NB - Sub-processing is only initiated on instruction from the Customer. Location: All Mailchimp customer account data is stored in their high-security data centres in the US.	Selected Contact records are synced between Ecanvasser and Mailchimp (customer-determined integration)
NationBuilder	Enables follow-up outreach—email blasts, petitions, events, and pushes data back to Ecanvasser. NB - Sub-processing is only initiated on instruction from the Customer. Location: Data is processed within US. Please contact NationBuilder to confirm the location of your NB account.	Selected Contact records and Interaction records between Ecanvasser and NationBuilder (customer-determined integration)
Salesforce	Two-way CRM sync—contacts/lists are synchronised between Ecanvasser and Salesforce in real time. NB - Sub-processing is only initiated on instruction from the Customer. Location: Salesforce's data centres are located in multiple locations. Customer can confirm the location of their Salesforce account through the *Find My Instance* functionality within their Salesforce account.	Selected Contact records and Interaction records are synced between Ecanvasser and Salesforce (customer-determined)