Ecanvasser is robust and secure; the security and performance of Ecanvasser is our number one priority. At Ecanvasser, we do our utmost to keep your data safe and secure.
Data hosting and services
Ecanvasser's services and data are hosted in Amazon Web Services (AWS) facilities, us-west-1 (North California) for non-EU customers, and eu-west-1 (Ireland) for EU customers. EU registration data processed by us, may be transferred to the AWS us-west-1 region. Please note that this relates to registration data only. Amazon participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively and this forms part of our data processing agreement with Amazon. We take advantage of the extensive security options available on AWS to give you confidence that the highest standards and best practices are maintained.
Our database includes a 30 day point in time restore function. The web application itself is on a nightly scheduled backup.
Amazon Web Services guarantees us 99.9% up-time.
SSL & Encryption
Ecanvasser forces HTTPS for all services using TLS (SSL) to our application using 256-bit encryption. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission.
It’s impossible for users to view data from accounts other than their own.
Only authorized employees have access to our production infrastructure, and passwords are strictly regulated. We limit access to customer data to a select few employees who need it to provide support and troubleshooting on our customer’s behalf. Accessing data center information as well as customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.
Credit card data
We do not store any credit card information. We store a random identifier to associate a customer with our payment provider Stripe.com. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Data Retention & Deletion
As per our retention policy for personal data processed in relation to the services provided, the data retention periods are:
- For the duration of the contract (accepted subscription agreement) and for a period of thirty (30) days post termination
That said, customers (who are collectors and controllers of the personal data) have the ability to delete personal data utilizing the bulk delete actions within the Ecanvasser platform prior at any time.
We also provide customers with a personal data anonymization tool that allows you to safely anonymize data collected while retaining the analytical results of interactions performed.
Visit the Privacy Dashboard to learn more about the Anonymization tool
Maintenance and updates
Ecanvasser is regularly updated with improvements and minor fixes, typically on a weekly basis. Larger feature releases and updates are done on a 4 to 6 weeks release cycle.
Compliance & Policies
Our technology and processes adhere to the strictest legal privacy requirements, and we regularly revise our policies and agreements to ensure we have continued compliance with the latest data protection regulations:
- Subscription Agreement
- End User Licence Agreement
- Data Processing Agreement
- Technical & Organization Measures (TOMs)
List of sub-processors
Sub-processors that we use to provide our services.
As part of the delivery of our Services to our Customers, we may use third party data processors, also know as a "Sub-processor". Below is important information about the identity and role of each Sub-processor: