Security & Privacy Commitment
Building enterprise-grade security from day one. We implement industry best practices to protect your data.
Currently in Beta
Equish is actively building towards enterprise compliance standards. While we implement robust security practices, we are not yet certified for SOC 2, ISO 27001, HIPAA, or other formal compliance frameworks. We are transparent about our current capabilities and committed to achieving these certifications as we grow.
Security Practices We've Implemented
These security features are actively implemented and protecting your data today.
Multi-Tenant Isolation
Implemented: Database-level tenant isolation ensures organizations cannot access each other's data.
Encrypted Storage
Implemented: All passwords hashed with bcrypt. Sensitive data encrypted. TLS 1.2+ for all connections.
Access Control
Implemented: Role-based permissions (admin/employee). Optional 2FA with TOTP. Session management.
Audit Logging
Implemented: Comprehensive audit logs track all user actions with timestamps and IP addresses.
Additional Security Features
Password Security
Bcrypt hashing with 10 rounds. Password rules aligned with NIST 2024 guidance (minimum 12 characters).
API Key Management
API keys are stored only as HMAC-SHA256 hashes, with per-key IP whitelisting and granular permissions.
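As an added illustration of the three controls named above (not Equish's own code), the following Python keeps only a keyed HMAC-SHA256 digest of each API key, checks the caller's IP against a per-key CIDR allowlist, and enforces a per-key permission set; the pepper, key prefix and in-memory store are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Assumption: the pepper lives in server configuration, never in the
# database, so a leaked table of digests cannot be verified offline.
PEPPER = b"constructed-example-pepper-keep-out-of-the-db"


def hash_api_key(raw_key: str, pepper: bytes = PEPPER) -> str:
    """Keyed HMAC-SHA256 digest of the raw key; only this digest is stored."""
    return hmac.new(pepper, raw_key.encode(), hashlib.sha256).hexdigest()


def issue_api_key(store: dict, allowed_cidrs: list, permissions: set) -> str:
    """Mint a random key, persist its digest plus policy, return the raw key once."""
    raw_key = "eq_" + secrets.token_urlsafe(32)  # "eq_" prefix is a constructed convention
    store[hash_api_key(raw_key)] = {
        "allowed_cidrs": [ipaddress.ip_network(c) for c in allowed_cidrs],
        "permissions": set(permissions),
    }
    return raw_key


def authorize(store: dict, presented_key: str, client_ip: str, needed: str) -> str:
    """Return 'ok', or the reason the request was rejected."""
    digest = hash_api_key(presented_key)
    record = None
    # Constant-time comparison against each stored digest avoids leaking
    # how many leading characters of a guessed digest matched.
    for stored_digest, rec in store.items():
        if hmac.compare_digest(stored_digest, digest):
            record = rec
    if record is None:
        return "unknown_key"
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in record["allowed_cidrs"]):
        return "ip_not_allowed"
    if needed not in record["permissions"]:
        return "permission_denied"
    return "ok"
```

Because the stored value is a keyed digest rather than the raw key, a database read alone does not yield usable credentials, and a key presented from outside its allowlist or for a permission it lacks is rejected before any data is touched.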
Rate Limiting
API rate limits prevent abuse. Redis-backed with in-memory fallback for reliability.
Session Management
JWT access tokens with refresh-token rotation. All sessions are revoked when the password changes.
Data Portability
Export your data anytime. JSON format for easy migration. No vendor lock-in.
Right to Deletion
Delete your account and data at any time. Automated cleanup processes.
Privacy Commitment
We take privacy seriously and are building towards GDPR compliance. Here's what we do today:
- Store only data necessary for service functionality
- Never sell or share your data with third parties
- Provide data export and deletion capabilities
- Use encrypted connections (TLS 1.2+) for all data transmission
- Hash passwords with industry-standard bcrypt
- Maintain audit logs for security and accountability
- Implement automatic data anonymization for old records
Privacy Best Practices In Development:
- Formal Data Processing Agreement (DPA) template
- Cookie consent management system
- Enhanced data retention policies
- Privacy impact assessments
Our Compliance Roadmap
Building Security Foundation
Implementing core security practices: multi-tenant isolation, encryption, audit logging, and access controls.
Security Assessment & Hardening
Third-party security audit, penetration testing, and vulnerability assessment.
Formal Compliance Certifications
Pursue SOC 2 Type II, GDPR compliance verification, and industry-specific certifications based on customer demand.