Your data, protected at every layer.

The confidentiality, integrity, and availability of your data is vital to your business. Ecobot is used by some of the largest environmental consultancies, we protect their work with stringent security measures and procedures at every level, in line with industry-standard security programs.

Application security

Visibility and control of all project access

Strict permission levels: Users (least permissive, cannot delete shared data), Managers (control the project, settings, and team), and Admins (only role that can delete organization-owned projects and manage subscription access).

Industry-leading encryption in transit

All data transfers between device and Ecobot's secure cloud use industry-standard 2048-bit RSA SSL/TLS encryption.

Secure authentication

Passwords are stored and transmitted securely, hashed with a strong salt.

Protection against application attacks

Controls and technologies prevent attackers from exploiting application-level vulnerabilities.

Infrastructure security

Strict access control policies

Internal access to customer data is limited and provided only when absolutely required or requested by the customer. Code repositories are protected with two-factor authentication.

Risk mitigation

Document uploads are restricted to specific file types to prevent malicious code from running on clients or in our cloud.

Secrets management

Ecobot uses SaaS industry-standard processes for managing and storing encryption keys.

Automated vulnerability detection

Ecobot's infrastructure is regularly scanned for vulnerable packages.

DoS and DDoS protection

Applications and infrastructure are protected against denial-of-service attacks to maintain high uptime.

Multifactor authentication

Access to the production environment is restricted to authorized Ecobot personnel and requires multifactor authentication.

Physical security

Highly secure cloud

Ecobot hosts data in Amazon data centers, an industry leader in secure hosting facility management. Access requires multi-factor authentication and is logged and audited; professional security staff are present 24/7; UPS and backup generators prevent downtime.

Available worldwide

World-class cloud service you can count on

Ecobot's SLA guarantees 99.5% uptime. Databases and infrastructure are deployed across multiple US geographic regions for resilience to natural disasters and service interruptions.

Compliance

Application and data portability

Well-documented, accessible interfaces ensure customer data is never 'locked in' and the cost of moving to another cloud provider is minimal.

Third-party security assessments

Ecobot's applications are tested by industry-leading vendors.

PCI-compliant payment processing

Ecobot does not store PCI-related payment information. Sensitive data is handled by a PCI Service Provider Level 1 certified third-party provider.

Third-party vendor review

Every vendor in Ecobot's supply chain is audited against Ecobot's security standards.

Responsible disclosure

If you are a security researcher and have discovered a security or privacy issue in our product or services, we appreciate your help in disclosing it to us responsibly. A report should include a description of the vulnerability, steps to reproduce it, the potential impact, and any supporting material. Email security@ecobot.com. Please give us a reasonable amount of time to remediate before public disclosure.

Questions about security or compliance?