eagle.io Compliance

Security and compliance are of paramount importance to us. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines. The following is an overview of the steps we take to secure our customers’ most sensitive information.

Our payment processor is a validated PCI DSS (Level 1) Compliant Service Provider and is on Visa’s Global Compliant Provider List and MasterCard’s SDP List.

We require all users to authenticate each time they use eagle.io. Passwords are never stored directly in the database, but are salted and hashed using a slow hash function to increase security. In addition, all communication between our users and us is conducted in a highly secure fashion using the TLS 1.2 protocol, a 2048-bit RSA key, and the ECDH 256-bit cipher suite.

Two-Factor Authentication (optional)
Two-Factor authentication adds an extra layer of security to your account. This feature is optional, and can be enabled by clicking the Enable Two-Factor Authentication button. Once enabled, you will need to provide a code along with your username and password when logging in.

We never store our customers’ credit card numbers; these are handled by our payment processor.

All user data is strictly segregated so that no user may ever view, tamper with, or become aware of the data of any other user.

We have a SHA256 certificate which assures all users that they are communicating with the genuine eagle.io website at all times.

We have high redundancy onsite and offsite. Onsite data is mirrored on individual servers using RAID and is also hot synced between at least 3 redundant servers at all times. Data is also encrypted and backed up offsite with an undisclosed third party.

Our offsite backup is geographically separated from all our other data centers, allowing disaster recovery even after a multi-site failure.

All significant activity by our users or internally by our employees is extensively logged in a tamper-proof fashion. We engage in the practice of extensive internal code reviews of all the software we develop.

All changes to production services are first staged and tested to ensure no impact to end users. We maintain multiple service environments, allowing changes to be promoted or reverted seamlessly without downtime.

At least quarterly, we conduct automated vulnerability scans. In addition, routine penetration testing is conducted to assess our security against external threats.

Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPs. Internally, we use segmented networks so only servers which work together can communicate with each other. We facilitate secured patching and software updates of all our systems, including watching numerous online resources for the latest vulnerabilities. All of our employees undergo training on relevant security matters that pertain to their job.

We are continually seeking to enhance our already robust security and compliance framework. We are currently undergoing assessment for inclusion in the Security, Trust and Assurance Registry of the Cloud Security Alliance, which certifies cloud provider trust and assurance.

https://cloudsecurityalliance.org/star/registry

Learn more in our Business Security Whitepaper

This page was last modified on June 15, 2021.
