Ecanvasser is robust and secure; the security and performance of Ecanvasser is our number one priority. At Ecanvasser, we do our utmost to keep your data safe and secure.
Data hosting and services
Ecanvasser's services and data are hosted in Amazon Web Services (AWS) facilities, us-west-1 (North California) for non-EU customers, and eu-west-1 (Ireland) for EU customers. EU registration data processed by us, may be transferred to the AWS us-west-1 region. Please note that this relates to registration data only. Amazon participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively and this forms part of our data processing agreement with Amazon. We take advantage of the extensive security options available on AWS to give you confidence that the highest standards and best practices are maintained.
Our database includes a 30 day point in time restore function. The web application itself is on a nightly scheduled backup.
Amazon Web Services guarantees us 99.9% up-time.
SSL & enrcyption
Ecanvasser forces HTTPS for all services using TLS (SSL) to our application using 256-bit encryption. All data access is protected by a role-based access-control mechanism, which only lets users view data for which they have permission.
It’s impossible for users to view data from campaigns other than their own.
Only authorized employees have access to our production infrastructure, and passwords are strictly regulated. We limit access to customer data to a select few employees who need it to provide support and troubleshooting on our customer’s behalf. Accessing data center information as well as customer data is done solely on an as-needed basis, and only when approved by the customer (i.e. as part of a support request), or to provide support and maintenance.
Credit card data
We do not store any credit card information. We store a random identifier to associate a customer with our payment provider Stripe.com. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Maintenance and updates
Ecanvasser is regularly updated with improvements and minor fixes, typically on a weekly basis. Larger feature releases and updates are done on a 4 to 6 weeks release cycle.
GDPR - List of sub-processors
Sub-processors used to provide our services
As part of the delivery of our Services to our Customers, we may use third party data processors, also know as a "Sub-processor". Below is important information about the identity and role of each Sub-processor.
SUB-PROCESSOR NAME DESCRIPTION OF SERVICE
Intercom Support management and communication
Stripe Payment Processing
AWS (Amazon Web Services) Platform hosting & Infrastructure
NationBuilder Voter data management
Hubspot Marketing Automation
Nexmo SMS service provider
GoogleAnalytics Website analytics and performance