Security and Privacy at Eden

We are committed to protecting your data. We keep your data secure with enterprise-level security standards and compliance audits.

Infrastructure

Eden uses Amazon Web Services (AWS) for data hosting. AWS data centers have 24x7 security monitoring, biometric scanning and video surveillance. They are also SOC 1, SOC 2 and SOC 3 certified.

Compliance

Eden is SOC 2 compliant. We have been audited by an independent firm for the trust services criteria relevant to security as set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).

Data Encryption

All data transfers between customers and Eden are secured using Transport Layer Security (TLS 1.2+) and industry-standard encryption. Additionally, customer data is encrypted at rest using AES-256.

Penetration Testing

We work with a third-party security firm to perform penetration tests on an annual basis, at minimum.

Employee Training and Policies

All personnel complete ongoing security training, including topics such as information security, data privacy, and password security. There are strict data security policies that govern employees, including acceptable use and password compliance.

Identity Management

We support single sign-on options with SAML 2.0.

Incident Response

An incident response plan is maintained that provides the objectives, classification and procedures of our incident response. We engage a third-party expert, at least annually, to lead us through exercises to assess the ability of our Incident Response Team to execute on the plan.

Application Development

Secure development and change management policies provide controls for our system development functions. We have strict policies to ensure code quality and security.

Vendor Due Diligence and Monitoring

We have a vendor approval process, ensuring reviews of all vendors before engaging with them and ongoing review once engaged. All vendors must go through a business, legal, and security review before they are approved, and SOC reports are reviewed where applicable.

Access Controls

Employee access is limited, following a least-access principle. Access is reviewed quarterly.

Disaster Recovery and Back-Ups

We have daily and point-in-time recovery with AWS Postgres RDS. Backups are replicated to a separate region and retained for 30 days. We are continually backing up data and could have at most five minutes of data loss.

Reliability

We continually monitor our system performance and have automated alerts to ensure a quick response to any service interruptions. You can see our system status here.

Data Storage

Data is stored in the United States. We use the Standard Contractual Clauses to cover regulatory requirements in countries where applicable.

Subprocessors

We use the following subprocessors:

Privacy

Eden is dedicated to ensuring that all customer and user personal data is treated in accordance with the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR).

See our privacy policy here.

How to Contact Us

If you have any questions that weren’t answered above, please feel free to reach out to our team at help@edenworkplace.com and we’ll get back to you as soon as the best person for your question is available.