At Effortbox, the security of your data is our top priority. The following policy describes what practices are used to secure and prevent misuse or loss of data provided to Effortbox by its clients.

Hosting infrastructure

Our application is hosted on servers provided by secure Microsoft Azure Cloud in its US data centers. It offers best-in-class security infrastructure and takes care of backups, logging, auditing, and other infrastructure-related services.

Compliance

Microsoft Azure Cloud has been certified by third-party organizations and manages many compliance programs. Its data centers are monitored by 24×7 security, biometric scanning, video surveillance and are SOC 2 (Type 2) and ISO 27 001 certified. A list of such certifications and compliance statements can be found here.

Effortbox is GDPR (General Data Protection Regulation) compliant.

Data encryption

All data-in-transit and communications with the Effortbox are secured with HTTPS using TLS 1.2 or higher encryption. Data at rest is encrypted following the best industry standards of AES 256-bit encryption.

User authentication & SSO

The standard Effortbox authentication requires an email address and password for each user. We also offer single sign-on (SSO) using Google that lets users authenticate without requiring them to enter additional login credentials.

People and access

Within Effortbox, only the top-level administrators have access to the production environment to maintain our cloud services and assist our customers. Additionally, we monitor all access to the Effortbox cloud. Effortbox implements a variety of data security and vulnerability checks to ensure secure software development.

Data retention

We encrypt and store customers’ data in a database for as long as organizations are valid customers. If a customer leaves our service, all the data will be removed entirely upon the customer’s request or within one year of inactivity. To request the deletion of your data, please contact us at support@effortbox.com.

Privacy

Effortbox understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant with privacy laws and regulations. For more information, please see our Privacy Policy.

Changes to the security and reporting security issues

We may update our security policy from time to time. If you have any questions about our security guidelines or notice any vulnerabilities that you would like to report, please contact us by email: support@effortbox.com.