Your data, protected at every layer.
The confidentiality, integrity, and availability of your data is vital to your business. Ecobot is used by some of the largest environmental consultancies, we protect their work with stringent security measures and procedures at every level, in line with industry-standard security programs.
Application security
Visibility and control of all project access
Strict permission levels: Users (least permissive, cannot delete shared data), Managers (control the project, settings, and team), and Admins (only role that can delete organization-owned projects and manage subscription access).
Industry-leading encryption in transit
All data transfers between device and Ecobot's secure cloud use industry-standard 2048-bit RSA SSL/TLS encryption.
Secure authentication
Passwords are stored and transmitted securely, hashed with a strong salt.
Protection against application attacks
Controls and technologies prevent attackers from exploiting application-level vulnerabilities.
Infrastructure security
Strict access control policies
Internal access to customer data is limited and provided only when absolutely required or requested by the customer. Code repositories are protected with two-factor authentication.
Risk mitigation
Document uploads are restricted to specific file types to prevent malicious code from running on clients or in our cloud.
Secrets management
Ecobot uses SaaS industry-standard processes for managing and storing encryption keys.
Automated vulnerability detection
Ecobot's infrastructure is regularly scanned for vulnerable packages.
DoS and DDoS protection
Applications and infrastructure are protected against denial-of-service attacks to maintain high uptime.
Multifactor authentication
Access to the production environment is restricted to authorized Ecobot personnel and requires multifactor authentication.
Physical security
Highly secure cloud
Ecobot hosts data in Amazon data centers, an industry leader in secure hosting facility management. Access requires multi-factor authentication and is logged and audited; professional security staff are present 24/7; UPS and backup generators prevent downtime.
Available worldwide
World-class cloud service you can count on
Ecobot's SLA guarantees 99.5% uptime. Databases and infrastructure are deployed across multiple US geographic regions for resilience to natural disasters and service interruptions.
Compliance
Application and data portability
Well-documented, accessible interfaces ensure customer data is never 'locked in' and the cost of moving to another cloud provider is minimal.
Third-party security assessments
Ecobot's applications are tested by industry-leading vendors.
PCI-compliant payment processing
Ecobot does not store PCI-related payment information. Sensitive data is handled by a PCI Service Provider Level 1 certified third-party provider.
Third-party vendor review
Every vendor in Ecobot's supply chain is audited against Ecobot's security standards.
Responsible disclosure
If you are a security researcher and have discovered a security or privacy issue in our product or services, we appreciate your help in disclosing it to us responsibly. A report should include a description of the vulnerability, steps to reproduce it, the potential impact, and any supporting material. Email security@ecobot.com. Please give us a reasonable amount of time to remediate before public disclosure.