- Home
- Security
Security at EchoWave
At EchoWave.io, we take the security of your data very seriously. We are committed to maintaining the highest standards of security to protect your information. Here’s how we ensure your data is secure:
Data Encryption
- In Transit: We use TLS (Transport Layer Security) to encrypt data in transit, ensuring that your information is protected as it travels between your device and our servers.
- Passwords: Passwords are never stored in plain text, we use firebase, that in turn uses a modified version of scrypt to ensure passwords are always hashed.
User Authentication
We use Firebase for user authentication, which offers robust security features:
- Two-Factor Authentication: To provide an extra layer of security, we support multi-factor authentication for user accounts.
- Single Sign-On (SSO): If you would like to work with us on setting up SSO for your team, please reach out to our support.
Access Control
Access to data is restricted based on roles:
- User Roles: Different roles (e.g., admin, editor, viewer) ensure that users only have access to the features and data necessary for their role.
- Staff Access: Our internal staff has limited access to user data, and only authorised personnel can access sensitive information.
Regular Security Audits
We conduct regular security audits to identify and address potential vulnerabilities. Our team continuously monitors and tests our systems for security issues. We also use automated alerting tools to scan our deployments and, dependencies and binaries to alert us of any vulnerabilities
Security Policy and Disclosures
We maintain a public security policy that outlines our commitment to security and our procedures for handling security issues:
- Security Policy: Our /security.txt file provides detailed information about our security practices and how to report security vulnerabilities.
Incident Response
In the event of a security incident, we have a comprehensive incident response plan in place:
- Incident Detection and Response: We continuously monitor our systems for suspicious activity and have a response a procedure ready to address any security incidents.
- Data Recovery: We have procedures in place for data recovery to ensure that your data can be restored in case of a breach.
- Disclosure: We will notify affected users and authorities promptly if a data breach occurs.
Compliance
We comply with industry standards and regulations to protect your data:
- GDPR: We adhere to the General Data Protection Regulation (GDPR) to ensure the privacy and security of our users’ data.
- CCPA: We comply with the California Consumer Privacy Act (CCPA) to protect the privacy of our users in California.
Employee Training
All our employees receive regular security training to stay up-to-date on the latest security practices:
- Training Programs: We conduct security training sessions for our staff to ensure they are knowledgeable about security threats and best practices.
Third-Party Integrations
We ensure the security of third-party integrations and services that we use:
- Stripe for Payment Processing: We use Stripe, a secure and widely trusted payment processing platform, to handle all transactions.
- Google Cloud Platform: We use GCP, for application and database hosting
- Backblaze: We use backblaze for video hosting
Vulnerability Management
We have a proactive approach to managing and addressing vulnerabilities:
- Regular Updates: Our software and infrastructure are regularly updated to address security vulnerabilities.
- Bug Bounty Program: We encourage security researchers to report vulnerabilities, who may be eligible for recognition in out hall of fame.
EchoWave Security FAQ
How can users enhance the security of their EchoWave.io accounts?
To enhance the security of your EchoWave.io account, we recommend enabling two-factor authentication (2FA), using strong and unique passwords, and regularly updating your password.
How can I report a security vulnerability or issue?
You can report a security vulnerability or issue by referring to our /security.txt file, which provides detailed information on how to report security concerns. Our security team will review and address the issue promptly.
How is my data protected while using EchoWave.io?
Your data is protected through encryption in transit (TLS). We also have strict access control measures and regular security audits to ensure the safety of your information.
What should I do if I suspect a security issue with my account?
If you suspect a security issue with your account, please contact our support team immediately. We will investigate the issue and take appropriate action to secure your account.
Does EchoWave.io have any recommendations for password management?
We recommend using a password manager to generate and store strong, long, unique passwords for your accounts. Additionally, enabling two-factor authentication (2FA) adds an extra layer of security.