Eminate.io Security Statement
Last updated: April 6, 2021
We use Eminate.io every day to keep our team organized, connected, and focused on results. Ensuring our platform remains secure is vital to protecting our own data, and protecting your information is our highest priority.
Our security strategy covers all aspects of our business, including:
- Eminate.io corporate security policies
- Physical and environmental security
- Operational security processes
- Scalability & reliability of our system architecture
- Data model access control in Eminate.io
- Systems development and maintenance
- Service development and maintenance
- Regularly working with third-party security experts
Eminate.io Corporate Security Policies & Procedures
Every Eminate.io employee is expected to respect the terms of our data confidentiality policies, available at eminate.io/terms and eminate.io/privacy. Access rights are based on each employee’s job function and role.
Security in our Software Development Lifecycle
Eminate.io uses the Git revision control system. Changes to Eminate.io’s code base go through a suite of automated tests and a round of manual review. When code changes pass the automated testing system, they are first pushed to a staging server where Eminate.io employees can test them before an eventual push to production servers and our customer base. We also add a specific security review for particularly sensitive changes and features. Eminate.io engineers also have the ability to “cherry pick” critical updates and push them immediately to production servers.
We also work with third-party security professionals to test our web application security.
Eminate.io Architecture & Scalability
Scalability/Reliability of Architecture
Eminate.io uses Amazon Web Services (RDS & S3) to manage user data. The database is replicated synchronously so that we can quickly recover from a database failure. As an extra precaution, we take regular snapshots of the database and securely move them to a separate data center so that we can restore them elsewhere as needed, even in the event of a regional Amazon failure.
We currently host data in secure SSAE 16 audited data centers via Amazon RDS.
Web connections to the Eminate.io service are via TLS 1.2 and above.
Security Consulting and Application Review
We work with external security advisors, and have a responsible disclosure policy that allows security researchers to report vulnerabilities in our application.
Data Center Security
Amazon employs a robust physical security program with multiple certifications, including an SSAE 16 certification. For more information on Amazon’s physical security processes, please visit aws.amazon.com/security.
Administrator Management Features
Authentication – Eminate.io administrators can have employees authenticate via Google Accounts or Yammer. If passwords are stored directly with Eminate.io, we secure them using salted bcrypt.
User Management – Administrators can see Last Activity, Guest/Member status, and deprovision users from a central administration interface.
Privacy, Visibility, & Sharing Settings – Customers determine who can access different categories of data like folders, templates, and checklists. You can limit a user’s access by inviting them as a Guest.
We are committed to making Eminate.io consistently available to you and your teams. Our systems have built-in redundancy to withstand failures and are constantly monitored to keep your work uninterrupted.
Want to report a security concern?
Email us at firstname.lastname@example.org.