Security at EchoWave

At EchoWave.io, we take the security of your data very seriously. We are committed to maintaining the highest standards of security to protect your information. Here’s how we ensure your data is secure:

Data Encryption

• In Transit: We use TLS (Transport Layer Security) to encrypt data in transit, ensuring that your information is protected as it travels between your device and our servers.
• Passwords: Passwords are never stored in plain text, we use firebase, that in turn uses a modified version of scrypt to ensure passwords are always hashed.

User Authentication

We use Firebase for user authentication, which offers robust security features:

• Two-Factor Authentication: To provide an extra layer of security, we support multi-factor authentication for user accounts.
• Single Sign-On (SSO): If you would like to work with us on setting up SSO for your team, please reach out to our support.

Access Control

Access to data is restricted based on roles:

• User Roles: Different roles (e.g., admin, editor, viewer) ensure that users only have access to the features and data necessary for their role.
• Staff Access: Our internal staff has limited access to user data, and only authorised personnel can access sensitive information.

Regular Security Audits

We conduct regular security audits to identify and address potential vulnerabilities. Our team continuously monitors and tests our systems for security issues. We also use automated alerting tools to scan our deployments and, dependencies and binaries to alert us of any vulnerabilities

Security Policy and Disclosures

We maintain a public security policy that outlines our commitment to security and our procedures for handling security issues:

• Security Policy: Our /security.txt file provides detailed information about our security practices and how to report security vulnerabilities.

Incident Response

In the event of a security incident, we have a comprehensive incident response plan in place:

• Incident Detection and Response: We continuously monitor our systems for suspicious activity and have a response a procedure ready to address any security incidents.
• Data Recovery: We have procedures in place for data recovery to ensure that your data can be restored in case of a breach.
• Disclosure: We will notify affected users and authorities promptly if a data breach occurs.

Compliance

We comply with industry standards and regulations to protect your data:

• GDPR: We adhere to the General Data Protection Regulation (GDPR) to ensure the privacy and security of our users’ data.
• CCPA: We comply with the California Consumer Privacy Act (CCPA) to protect the privacy of our users in California.

Employee Training

All our employees receive regular security training to stay up-to-date on the latest security practices:

• Training Programs: We conduct security training sessions for our staff to ensure they are knowledgeable about security threats and best practices.

Third-Party Integrations

We ensure the security of third-party integrations and services that we use:

• Stripe for Payment Processing: We use Stripe, a secure and widely trusted payment processing platform, to handle all transactions.
• Google Cloud Platform: We use GCP, for application and database hosting
• Backblaze: We use backblaze for video hosting

Vulnerability Management

We have a proactive approach to managing and addressing vulnerabilities:

• Regular Updates: Our software and infrastructure are regularly updated to address security vulnerabilities.
• Bug Bounty Program: We encourage security researchers to report vulnerabilities, who may be eligible for recognition in out hall of fame.