Ecobot Security

At Ecobot, we understand that the confidentiality, integrity, and availability of your data is vital to your business, and we take our responsibility to protect it very seriously. Used by some of the largest environmental consultancies, Ecobot helps field scientists do their job more accurately and efficiently while safeguarding their data in the cloud by implementing stringent security measures and procedures at all levels, in accordance with industry-standard security programs.

Application Security

Visibility and control of all project access
Ecobot has implemented strict permission levels so you can control who has access to your projects. These include:

Industry leading encryption in transit
All data transfers from a device to Ecobot's secure cloud with industry standard 2048-bit rsa ssl/tls encryption.

Secure authentication
Passwords are stored and transmitted securely and hashed using a strong salt.

Protection against application attacks
Ecobot uses controls and technologies to prevent attackers from exploiting application-level vulnerabilities.

Infrastructure Security

Strict access control policies
Access to customer data internally is limited and provided only when absolutely required or requested by the customer. Code repositories are protected using 2-factor authentication.

Risk mitigation
Document uploads are restricted to specific file types to prevent malicious code from being executed on clients or on our cloud hosting machines.

Secrets management
Ecobot uses SaaS industry standard processes for managing and storing encryption keys.

Automated vulnerability detection
Ecobot's infrastructure is regularly scanned for vulnerable packages.

DoS and DDoS protection
Ecobot's applications and infrastructure are protected against Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, ensuring our high uptime.

Multifactor authentication
Access to the production environment is restricted to a few authorized Ecobot personnel. Multifactor authentication is required to access production systems.

Physical Security

Highly secure cloud
Ecobot hosts data in Amazon data centers, which is an industry leader in secure hosting facilities management. Read more about security at Amazon.

Available Worldwide

World-class cloud service you can count on
Ecobot's SLA ensures 99.5% uptime for services. Databases and infrastructure are available in multiple geographic regions in the United States, allowing resilience in the face of natural disasters or service interruptions.

Compliance

Application and data portability
Ecobot provides well documented and easily accessible interfaces to help ensure customer data is not 'locked in' and that the cost for moving to another cloud provider is minimal.

Third party security assessments
Ecobot's applications are tested using industry leading vendors.

Payment processes are PCI compliant
Ecobot does not store PCI-related payment information. All sensitive data is stored by a PCI Service Provider Level 1 certified third-party provider.

Third party vendor review
Our vendors work just as hard as we do to ensure your data is safe and secure. All third party vendors are audited for compliance with Ecobot's security standards.

Responsible Disclosure Policy

Reporting Security Vulnerabilities to Ecobot
Ecobot aims to keep its product and services safe for everyone. Data security and privacy are of utmost priority to Ecobot. If you are a security researcher and have discovered a security or a privacy issue in the product or services, we appreciate your help in disclosing it to us in a responsible manner.

A report should include:

Out of scope issues