EverAfter is committed to the security of our customers and their data. As a cloud-based company entrusted with some of our customers’ most valuable data, we are focused on keeping you and your data safe. EverAfter undergoes periodic penetration testing, and encrypts data at rest and in-transit. Our customers entrust sensitive data to our care. Keeping customer data safe is our priority.
EverAfter uses Amazon Web Services (AWS) for secure and resilient hosting of staging and production environments. We use multiple availability zones to store customer data redundantly. AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are continuously certified across a variety of global security and compliance frameworks. EverAfter uses internal services requiring TLS for network access and authenticates users by way of a central identity provider and two factor authentication whenever possible.All employees are required to participate in security and privacy awareness training, which weaves security into technical and non-technical roles.
Our SOC 2 Type 2 report attests to the security controls we have in place as they map to Trust Service Principles established by the American Institute of Certified Public Accountants (AICPA).
Data is secured in transit by TLS 1.2+ and at rest by the industry standard AES-256 encryption algorithm.
Access to customer data is restricted to authorized employees who need it for their jobs and data access is logged.
EverAfter regularly scans our applications to identify potential vulnerabilities that could affect our systems.
We have an incident response program that covers things that disrupt our service. This includes defined escalation paths and engaging the appropriate teams to investigate, communicate and remediate the incident.
EverAfter implements human review processes for software development practices.