Echosec Systems does not require access to users' personally identifiable information.
What Data Does Echosec Systems Receive from You?
To deliver our products, Echosec Systems requires a few pieces of your information:
- When you sign the contract, a summary of what you will use the product to search for and what you’ll do with the results (your “use case”).
- At account creation, a unique identifier for each user of the system — usually an email address.
- As you use the product, the search terms you want to retrieve results for (keywords, locations, usernames, and so on), which are chosen by you.
That’s all the data we take. We do not require access to any personally-identifying information, including that of your employees. As we do not integrate with your technical infrastructure, we do not require any of your technical or network information or have access to your intellectual property or physical locations.
A copy of all the information we have stored from your organization can be provided on request.
Why Does Echosec Systems Need This Data?
Your use case is an important part of our compliance process. We need an acceptable use case to ensure you’re using the product legally and ethically, and to determine which data providers you can access. Contact us for more information on what this entails and how we’ll use your use case submission.
Each account on an Echosec Systems product needs a unique identifier so you can sign in. The preferred identifier is an email address, which will be used to send notifications when new data is found by your saved searches. You can also use usernames if you prefer to not provide an email address for your account.
Echosec Systems receives your search terms as you provide them through the interface. For example, if a user types in a search keyword, we receive that keyword. We forward these search terms to each of our data providers as part of the data retrieval process. Some data providers have direct access to your search keywords, but not your identity. We also store these search terms as necessary for audits.
Echosec Systems does not use your data for any purposes unrelated to the service or your contract. We do not sell or redistribute your data to third parties or release your data to the public.
How Does Echosec Systems Store Your Data?
All data received from our customers is stored in our primary data store, a secure database run by Microsoft Azure in a U.S. data centre. This database is located on a private subnet inside the Echosec Systems cloud network. We follow industry best practices to protect and secure your information in this database, including IP whitelisting and encryption in transit. Access to this data store is tightly controlled by administrative policies. Physical security of the Echosec Systems data store itself is handled by Azure. You can read more about these processes here.
Echosec Systems maintains automated backups of its data stores. These backups are protected using the same technologies and processes as the data stores themselves and are used to ensure continuity of service. Backups are automatically purged after 7 days.
Echosec Systems will inform you within 72 hours of any suspected or confirmed breaches of any part of our data security systems, should such an event occur. Our breach reporting procedures conform to GDPR standards, even if no personal data was contained in that breach.