We take data security
very seriously

We’re committed to keeping your information safe

EverAfter is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data, we are focused on keeping you and your data safe. EverAfter undergoes periodic penetration testing, and encrypts data at rest and in-transit. Our customers entrust sensitive data to our care. Keeping customer data safe is our priority.

Infrastructure that's secure and reliable

EverAfter uses Amazon Web Services (AWS) for secure and resilient hosting of staging and production environments.  We use multiple availability zones to store customer data redundantly. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are continuously certified across a variety of global security and compliance frameworks. EverAfter uses internal services requiring TLS for network access and authenticates users by way of a central identity provider and two factor authentication whenever possible.All employees are required to participate in security and privacy awareness training, which weaves security into technical and non-technical roles.

We’re SOC 2 Type 2 compliant

Our SOC 2 Type 2 report attests to the security controls we have in place as they map to Trust Service Principles established by the American Institute of Certified Public Accountants (AICPA).

Security features

Data encryption

Data is secured in transit by TLS 1.2+ and at rest by the industry standard AES-256 encryption algorithm.

Data permission and authentication

Access to customer data is restricted to authorized employees who need it for their jobs and data access is logged.

Vulnerability management

EverAfter regularly scans our applications to identify potential vulnerabilities that could affect our systems.

Incident response

We have an incident response program that covers things that disrupt our service. This includes defined escalation paths and engaging the appropriate teams to investigate, communicate and remediate the incident.

Software Development Lifecycle (SDLC) Security

EverAfter implements human review processes for software development practices.