Privacy and Security

Privacy and Security at Ever Accountable

Keeping your data private and secure is extremely important to us. Our entire culture is built around accountability. We are committed to end-to-end privacy and security in our products, interactions and architecture.

To this end, we went through the great expense and difficult process to get ISO certified in both information security and privacy. This means that an international organization audits our business and systems to make sure that we’re being smart and secure about everything we do.

Nobody made us do this. No government requires it. We did it because we want you to be safe and secure in this most important journey to live above pornography. To our knowledge, Ever Accountable is the only accountability software company that has anything close to this level of security certifications.

Porn is enough of a monster to worry about. You don’t need to be concerned about the safety of your data as well.

Ever Accountable maintains active ISO 27001 (Information Security) and ISO 27701 (Privacy) certifications. Click here to see our ISO 27001 certificate and here to see our ISO 27701 certificate. We conduct annual internal and third-party audits to make sure your data remains safe. On top of our ISO certifications, we also remain compliant with additional standards including the California Consumer Privacy Act (CCPA), the E.U. General Data Protection Regulation (GDPR), and the Privacy Shield Framework

Below is an overview of the types of things we do to keep you safe. For full details please see the ISO specifications themselves. They’re quite involved. 🙂

Our Privacy & Security Certifications

ISO 27001

We established an active, certified, Information Security Management System (ISMS) in 2021. To maintain our certification in good standing, we follow rigorous security management best practices and security controls. ISO 27001 is an internationally recognized security standard that includes risk management, security controls, operations planning, and other key activities

We engage A-LIGN as our auditor and registrar for ISO 27001.

ISO 27701

Because of our commitment to privacy, Ever Accountable also established an active, certified Privacy Information Management System (PIMS) in 2021. Our PIMS is an additional layer of security and privacy beyond standard security practices and ensures compliance with legal and regulatory requirements such as CCPA and GDPR.

We engage A-LIGN as our auditor and registrar for ISO 27701.

How We Protect You

This list is not exhaustive and is only meant to show you the types of things we’re regularly doing.

Planning & Management

We maintain a Privacy and Security Program with a dedicated budget and staff that covers all operations in our company. This includes:

  • A privacy and security strategy, including goals and objectives. Our strategy is reviewed and updated on a regular basis.
  • A robust set of privacy and security policies and procedures, which is kept up-to-date at all times.
  • Privacy and security risk assessments are conducted twice per year. The results of these assessments inform our privacy and security roadmap.
  • Team members go through security awareness training on a regular basis.
  • Key performance indicators (KPIs) that track the effectiveness of our privacy and security controls.
Privacy

Your privacy is extremely important to us. We ensure that the data we collect is kept private by maintaining:

  • Internal processes that govern change, removal and/or export of any customer’s personal data upon request.
  • Strict incident response and data breach processes that ensure an immediate response. We also test our processes regularly.
  • Full compliance with all applicable laws and regulations, including the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Privacy Shield, and others.
Infrastructure

Our service is built within the Amazon Web Services (AWS) cloud and leverages the privacy and security protections that AWS intentionally engineers into their offerings. These protections are passed on to our customers. AWS infrastructure provides:

  • A robust privacy, security and compliance program surrounding physical and environmental security, network infrastructure, core software services and other inherent aspects of AWS’ offering.
  • Network and application firewall capabilities that are used to tightly control access to our networks, servers and applications.
  • Redundancy and resilience protecting against physical and virtual threats to facilities and networking infrastructure.
  • Reliability and protection against threats such as Distributed Denial-of-Service (DDoS) attacks.
Access Control

We maintain strong account management and access control procedures for our team. This includes measures including but not limited to:

  • Strong passwords for all users on the system.
  • The ability for our customers to reset their accountability partner at any time.
  • Our administrators and developers have specific accounts that are used to manage our system.
Encryption

We use encryption across our platform to ensure that sensitive data can only be accessed by those with permission to see it. To do this, we encrypt data when it is stored (i.e. at rest) and while it is being transmitted (i.e. in transit). Our encryption protocols ensure that all traffic between your devices, our servers, and third-party integrations is encrypted with at least 256-bit AES encryption. All data stored in our databases are fully encrypted at all times. All encryption keys are managed via a strict key management process.

Systems & Network Security

To ensure proper accountability, we maintain deep visibility into all transactions performed on our system. All events are fully logged so that we can always determine what is happening on our system, where it is happening, and who is responsible. In addition:

  • Our team is automatically alerted when suspicious activity occurs.
  • We watch all logs in real-time to spot suspicious activity, trends or anomalies.
  • Our logs are detailed and can support compliance reporting and investigations, if necessary.
  • System activity is correlated against threat intelligence data so that we can stay ahead of potential reconnaissance or cyber-attacks.
  • We conduct scans of our infrastructure, web portals and web APIs on a regular schedule, and patch/remediate vulnerabilities based on severity.
Secure Development Practices

We build privacy and security into all aspects of our system, including software code. We adhere to the following development and operations practices:

  • Privacy and security are designed into our system by default. Privacy and security issues are considered, with proper designs created before a feature is ever developed.
  • All code changes and application updates are tracked and reviewed for quality and security.
  • We maintain separate environments for development and testing.
  • Testing and deployment of application features are done through Continuous Integration and Continuous Delivery (CI/CD) pipelines.
Disaster and Data Recovery

To protect our systems and your data, and to ensure a quick recovery in the event of an outage:

  • Our platform is configured with automatic self-healing, failover, rollback, backup and scaling capabilities.
  • We maintain backup copies of data.
  • We regularly test our internal processes by holding business continuity and incident response exercises.

Contact the Security Team

Want more information about our privacy and security practices? Contact us at security@everaccountable.com.