Keeping your data secure is our top priority.

We aim to provide a secure environment while being mindful of application performance and the overall user experience. To alert us with a vulnerability or other security concern, email [email protected]

Keeping your data secure is our top priority.

We aim to provide a secure environment while being mindful of application performance and the overall user experience. To alert us with a vulnerability or other security concern, email [email protected]

Infrastructure

Effectiv is hosted on Google Cloud, benefitting from a secure-by-design infrastructure with built-in protections from Google Cloud. Google Cloud undergoes independent verification of security, privacy, and compliance controls to help meet regulatory and policy objectives. For more specific details regarding Google Cloud security, please refer to https://cloud.google.com/security.

Data Security

We use standard underlying storage services available on Google Cloud, which encrypts all customer content stored at rest, without any additional action, using one or more encryption mechanisms. All data is encrypted at rest with AES256 by default.

All the connections to and from our infrastructure are secured using TLS 1.2, ensuring that data is encrypted in transit.

All passwords are encrypted using bcrypt, and PII data is encrypted using Hashicorp Vault.

Application Security & Monitoring

Applications are a tenant to one of the Virtual Private Clouds (VPC) in Google Cloud. Restrictive network firewalls and policies secure each VPC and its hosted applications. We use Google Cloud Armor to protect our applications and websites against denial of service and web attacks.

Effectiv implements a mix of human and automation processes to ensure consistent quality in our software development practices. We run continuous security and vulnerability scans to identify early and mitigate early for any potential impact.

We have extensive monitoring and internal tooling with the backing of 24/7 support. Our applications log responsibility for the needed data and produce an audit trail for the system change.

Compliance

SOC 2 Type 2

In accordance with the American Institute of Certified Public Accountants (AICPA), Effectiv has achieved SOC 2 Type 2 compliance. This attestation report serves as validation of Effectiv’s dedication and commitment to our customers and the security of their data.

CCPA

We are in compliance with California Consumer Privacy Act of 2018 (CCPA) & the articles outlined in CCPA. This has been assessed by our external Compliance consultant (Thoropass).

GDPR

We are in compliance with the General Data Protection Regulation (GDPR) & the articles outlined in GDPR by the European Union.This has been assessed by our external Compliance consultant (Thoropass).

Effectiv is considered as a Data processor under the provisions of GDPR.

Data Processor: The organisation processes (or performs any actions on data, whether automated or manual, such as collecting, recording, organizing, structuring, storing, using, erasing, or etc.) personal data on behalf of a data controller.

Security Controls

Effectiv utilizes Thoropass, a security and compliance automation platform that monitors its policies, procedures, and IT infrastructure to ensure it adheres to industry standards through its in-built integrations.

Thoropass continuously monitors (140+ security controls recommended for SOC 2 Type 2 recommended by The AICPA) these resources to determine if the company meets defined framework standards. This enables Effectiv with real-time monitoring and assurance of your security controls.