Security Policy

Keeping our clients’ data secure is an absolute top priority at Effectiv. Our goal is to provide a secure environment, while also being mindful of application performance and the overall user experience. To email us with a vulnerability or other security concern, send an email to [email protected]. 


Effectiv is entirely hosted on Google Cloud, benefitting from a secure-by-design infrastructure with built-in protections from Google Cloud. Google Cloud undergoes independent verification of security, privacy, and compliance controls to help meet regulatory and policy objectives. For additional, more specific details regarding Google Cloud security, please refer to

Data Security

We use standard underlying storage services available on Google Cloud which encrypts all customer content stored at rest, without any additional action, using one or more encryption mechanisms. All data is encrypted at rest with AES256 by default.

All the connections to and from our infrastructure are secured using TLS 1.2 ensuring that data is encrypted at transit.

All of the passwords are stored in encrypted form using bcrypt and PII data is encrypted using Hashicorp Vault. 

Application Security & Monitoring

Applications are a tenant to one of the Virtual Private Clouds (VPC) in Google Cloud. Each VPC and its hosted applications are secured by restrictive network firewalls and policies. We use Google Cloud Armor to protect our applications and websites against denial of service and web attacks.

Effectiv implements a mix of human and automation processes to ensure consistent quality in our software development practices. We run continuous security and vulnerability scans to identify early and mitigate early for any potential impact.

We have extensive monitoring and internal tooling with the experts backing of 24/7 support. Our applications log responsibility for the needed data and are produce an audit trail for the change in the systems. 

Security Certifications

In accordance with the American Institute of Certified Public Accountants (AICPA), Effectiv has achieved SOC 2 Type 2 compliance. This attestation report serves as validation of Effectiv’s dedication and commitment to our customers and the security of their data.  

Security Controls

Effectiv utilizes Drata, a security and compliance automation platform that monitors the company’s policies, procedures, and IT infrastructure to ensure the company adheres to industry standards through itsin-built integrations.

Drata continuously monitors (140+ security controls recommended for SOC 2 Type 2 recommended by The AICPA) these resources to determine if the company meets defined framework standards. This enables Effectiv with real-time monitoring and assurance of your security controls.