Eden uses Amazon Web Services (AWS) for data hosting. AWS data centers have 24x7 security monitoring, biometric scanning and video surveillance. They are also SOC 1, SOC 2 and SOC 3 certified.
Eden is SOC 2 compliant. We have been audited by an independent firm for the trust services criteria relevant to security as set forth in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Trust Services Criteria).
All data transfers between customers and Eden are secured using Transport Layer Security (TLS 1.2+) and industry-standard encryption. Additionally, customer data is encrypted at rest using AES-256.
We work with a third-party security firm to perform penetration tests on an annual basis, at minimum.
All personnel complete ongoing security training, including topics such as information security, data privacy, and password security. There are strict data security policies that govern employees, including acceptable use and password compliance.
We support single sign-on options with SAML 2.0.
An incident response plan is maintained that provides the objectives, classification and procedures of our incident response. We engage a third-party expert, at least annually, to lead us through exercises to assess the ability of our Incident Response Team to execute on the plan.
Secure development and change management policies provide controls for our system development functions. We have strict policies to ensure code quality and security.
We have a vendor approval process, ensuring reviews of all vendors before engaging with them and ongoing review once engaged. All vendors must go through a business, legal, and security review before they are approved, and SOC reports are reviewed where applicable.
Employee access is limited, following a least-access principle. Access is reviewed quarterly.
We have daily and point-in-time recovery with AWS Postgres RDS. Backups are replicated to a separate region and retained for 30 days. We are continually backing up data and could have at most five minutes of data loss.
We continually monitor our system performance and have automated alerts to ensure a quick response to any service interruptions. You can see our system status here.
Data is stored in the United States. We use the Standard Contractual Clauses to cover regulatory requirements in countries where applicable.
We use the following subprocessors:
Eden is dedicated to ensuring that all customer and user personal data is treated in accordance with the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR).