Keeping your data private and secure is extremely important to us. Our entire culture is built around accountability. We are committed to end-to-end privacy and security in our products, interactions and architecture.
To this end, we went through the great expense and difficult process to get ISO certified in both information security and privacy. This means that an international organization audits our business and systems to make sure that we’re being smart and secure about everything we do.
Nobody made us do this. No government requires it. We did it because we want you to be safe and secure in this most important journey to live above pornography. To our knowledge, Ever Accountable is the only accountability software company that has anything close to this level of security certifications.
Porn is enough of a monster to worry about. You don’t need to be concerned about the safety of your data as well.
Ever Accountable maintains active ISO 27001 (Information Security) and ISO 27701 (Privacy) certifications. Click here to see our ISO 27001 certificate and here to see our ISO 27701 certificate. We conduct annual internal and third-party audits to make sure your data remains safe. On top of our ISO certifications, we also remain compliant with additional standards including the California Consumer Privacy Act (CCPA), the E.U. General Data Protection Regulation (GDPR), and the Privacy Shield Framework
Below is an overview of the types of things we do to keep you safe. For full details please see the ISO specifications themselves. They’re quite involved. 🙂
We established an active, certified, Information Security Management System (ISMS) in 2021. To maintain our certification in good standing, we follow rigorous security management best practices and security controls. ISO 27001 is an internationally recognized security standard that includes risk management, security controls, operations planning, and other key activities
We engage A-LIGN as our auditor and registrar for ISO 27001.
Because of our commitment to privacy, Ever Accountable also established an active, certified Privacy Information Management System (PIMS) in 2021. Our PIMS is an additional layer of security and privacy beyond standard security practices and ensures compliance with legal and regulatory requirements such as CCPA and GDPR.
We engage A-LIGN as our auditor and registrar for ISO 27701.
This list is not exhaustive and is only meant to show you the types of things we’re regularly doing.
We maintain a Privacy and Security Program with a dedicated budget and staff that covers all operations in our company. This includes:
Your privacy is extremely important to us. We ensure that the data we collect is kept private by maintaining:
Our service is built within the Amazon Web Services (AWS) cloud and leverages the privacy and security protections that AWS intentionally engineers into their offerings. These protections are passed on to our customers. AWS infrastructure provides:
We maintain strong account management and access control procedures for our team. This includes measures including but not limited to:
We use encryption across our platform to ensure that sensitive data can only be accessed by those with permission to see it. To do this, we encrypt data when it is stored (i.e. at rest) and while it is being transmitted (i.e. in transit). Our encryption protocols ensure that all traffic between your devices, our servers, and third-party integrations is encrypted with at least 256-bit AES encryption. All data stored in our databases are fully encrypted at all times. All encryption keys are managed via a strict key management process.
To ensure proper accountability, we maintain deep visibility into all transactions performed on our system. All events are fully logged so that we can always determine what is happening on our system, where it is happening, and who is responsible. In addition:
We build privacy and security into all aspects of our system, including software code. We adhere to the following development and operations practices:
To protect our systems and your data, and to ensure a quick recovery in the event of an outage:
Want more information about our privacy and security practices? Contact us at firstname.lastname@example.org.