Enterprise-grade security
Your data security is our top priority. We use industry-leading practices to keep your information safe.
AES-256 Encryption
All data encrypted at rest using bank-level AES-256 encryption. TLS 1.3 for data in transit.
Security-First Architecture
Built with industry-leading security practices including data isolation, secure authentication, and comprehensive monitoring.
Two-Factor Authentication
Optional 2FA via TOTP apps (Google Authenticator, Authy) and backup codes for enhanced account security.
Daily Backups
Automated daily backups with 30-day retention. Encrypted and stored in multiple geographic locations.
Role-Based Access Control
Granular permissions system. Limit access to sensitive features based on employee roles.
Audit Logging
Complete audit trail of all actions. Track who did what, when, and from where.
Building Towards Compliance
We're committed to meeting industry standards as we grow
Currently in beta development. As we scale and onboard enterprise customers, we plan to pursue SOC 2 Type II, GDPR compliance, and other industry certifications. Our architecture is built with these standards in mind from day one.
Incident Response
We're building comprehensive security practices to handle security events quickly and effectively.
- Security monitoring and logging
- Rapid response protocols
- Transparent communication
- Continuous security improvements
Report a security issue: security@equish.app
Security FAQ
Where is my data stored?
Data is stored in secure cloud infrastructure (AWS). We follow industry best practices for data protection.
Can employees access each other's data?
No. Employees can only see their own schedules and data. Managers see their team. Data is isolated by organization.
Do you have a bug bounty program?
We welcome responsible security disclosure. Contact us at security@equish.app
How often do you perform security audits?
We perform regular security reviews and vulnerability assessments as part of our development process.
What happens if you have a data breach?
We will notify affected customers within 72 hours, work with authorities, and provide detailed incident reports.
Questions about our security?
Contact our security team or request a detailed security whitepaper