Security & Privacy
We use enterprise-grade security practices to keep your data safe.
As customers entrust Eber with some of their most valuable data, keeping customer data safe is our priority. Eber undergoes regular tests performed by 3rd parties, encrypts data at rest and in-transit, and our solution is designed to be compliant with privacy laws such as GDPR of Europe and PDPA in Singapore.
✅ Data & Application
Data and application security-related features maximize your ability to ensure data security.
Eber encrypts your data aligning with industry-tested and accepted standards. We use TLS 1.2 minimum for data in transit and encryption at rest for all instances and databases. We use AES-256-bit encryption to secure your database connection credentials and data stored at rest.
Web Application Firewall
Industry-leading Web Application Firewall with automatic updates to block against the latest threats spotted around the world.
Application Role Based Access Control
Availability of Role-Based access to Eber Admin portal. Your staff access to the Eber application can be granted access to the selected role. This gives your team a need-to-know basis for your valuable customer data.
The availability of two-factor authentication (2FA) adds an extra layer of security to identity and access to the Eber Admin portal. Username and password alone will not be enough to access your valuable customer data.
Access to admin and customer portal actions are logged in encrypted storage. Data changes by authorised or unauthorized are recorded for investigation purposes.
Secure Software Development
Eber utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.
Secure and reliable infrastructure is key to Eber platform.
Eber uses Amazon Web Services (AWS) for secure and resilient hosting. AWS data centres are monitored by 24×7 security, biometric scanning, and video surveillance and are continuously certified across a variety of global security and compliance frameworks.
Eber regularly scans production infrastructure, applications and networks for vulnerabilities performed by 3rd parties to identify potential vulnerabilities that could impact our systems.
DNSSEC to block DNS hijacking attacks. We go in-depth, enabling every security measure we can.
DDoS protection is enabled against all known infrastructure attacks to minimize application downtime and latency.
✅ Organizational and Operational Security
Eber personal completes ongoing security training, including topics like information security, data privacy, and password security. We ensure all employees participate in helping secure our customer data and company assets.
Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.
Eber maintains vendor risk management practices to ensure third parties are scrutinized and maintain expected levels of security controls.
Continuous Security Control Monitoring
Eber automates and continuously monitor 100+ internal security controls across the organization against the highest possible standards. Automated alerts and evidence collection allow Eber to confidently prove its security and compliance posture any day of the year while fostering a security-first mindset and culture of compliance across the organization.
✅ Enterprise-grade compliance
We have worked to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant.
Eber is currently in the process of pursuing our ISO 27001 Certification. We adhering to the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
Eber is committed to achieving and maintaining the trust of our customers, partners, and employees through these efforts. If you have any security or privacy questions please contact us at firstname.lastname@example.org.