Your Data. Our Responsibility.
Your clients trust you with sensitive information. EstateSpace is built to protect it.
Confidentiality & Privacy
- Security processes to make sure that customer data is accessed only by those who have permission.
- Role-based access controls
- Restricted access to accounts
Infrastructure Security
- Infrastructure safeguards that prevent unauthorized access to data through AWS.
- SSAE 16 Type 2-compliant data centers
- HTTPS connections with AWS
- Built in firewalls using AWS VPC
Application Security
- Built-in security features across web and mobile using Strict Transport Security.
- HTTPS/TLS 1.2
- Perfect forward secrecy
- Mobile app 256 bit key encryption
- OWASP secure
Data Security
- Industry best practices to prevent data loss from disaster or hardware failure.
- Industry leading Amazon Web Services in the Cloud
- Frequent, automated backups
- 24/7/365 monitoring and threat response
Compliance and Certifications
We meet or exceed the most current standards for security compliance and partner only with certified providers.
Cloud Infrastructure
- Data is stored using Amazon Web Services (AWS).
- Utilizes a securely managed sharded MongoDB cluster
- AWS is an industry leader in cloud infrastructure security, designed for the most security-sensitive organizations
Penetration Testing
- EstateSpace undergoes continuous security and performance testing
- Services are hardened to manage risk and limit threats
- Testing reports available upon request
Cloud Security Monitoring
- Cloud infrastructure security and monitoring is managed by Mission
- Mission is a Premier Consulting Partner in AWS and the Amazon Partner Network (APN).
- Mission is SOC 2 Type II certified, ensuring compliance and security best practices
ISAE 3402
- EstateSpace aligns with the ISAE 3402 assurance standard
- Evaluates the controls over services and applications relevant to the customer
- Enables auditors to assess internal control over financial reporting
SOC 2 Type I & II
- EstateSpace partners only with SOC 2 or SOC 3 certified subservice organizations
- All client data and application dependencies are maintained within certified boundaries
- Provides verifiable assurances of data security and operational controls
HIPAA
- EstateSpace is fully HIPAA-compliant
- Adheres to all physical, administrative, and technical safeguards
- Ensures the protection and integrity of electronic Protected Health Information (ePHI) for covered entities and business associates
GDPR
- EstateSpace is GDPR-compliant
- Adheres to data collection limited to only necessary information
- Ensures the protection and integrity of personally identifiable information (PII) for covered entities and business associates
Request Our Security Brief
Have questions about how we protect your data? Our team is available to walk you through our security infrastructure and compliance.