Security
Last Modified: Nov 2019
Protect your research participant data
The Ethnio platform is trusted by hundreds of organizations around the world. Our Service Level Agreement (SLA) outlines our commitment to protect and secure your data, and our Privacy Policy details how your participant’s data is used and stored safely.
Ethnio stores all customer data in a TierPoint-managed SOC 2 Type 2 accredited data center and is under engagement with A-LIGN for complete organizational SOC2 Type 1 & Type 2 certification.
GDPR
You decide what data you retain or delete. Easily set options to automatically delete screener responses, scheduling emails, and incentive records from all account – only store data for the time it is needed. Read more about Ethnio’s GDPR commitment.
Two factor authentication (2FA)
Keep your data secure by adding an extra level of protection to user accounts. Require all memeber enter an authentication token prior to gaining access to Ethnio. Read more about 2FA.
CCPA
Ethnio is fully compliant with TheCalifornia Consumer Privacy Act (CCPA), a new California privacy Law, where applicable. Many of our customers work hard on CCPA compliance, so it’s important that Ethnio supports that compliance by giving customers control of our platform and through our own terms and policies. Read more.
Privacy Shield Certified
Ethnio complys with the EU-US & Swiss-US Privacy Shield principles of notice, choice, accountability, security, access, and data. This includes the right to opt out of personal information being disclosed to a third party. Read more.
Single Sign-on (SSO)
Make signing in a breeze with SSO authentication. Get full access to Ethnio with one simple login. Ethnio supports most IdPs: from Okta, to OneLogin, and more. Read more about SSO.
Pentests & vulnerabilities
Ongoing penetration testing are performed, using the Cobalt platform, to ensure your data is safe and secure. This measures the security posture of a target system or environment and helps us scan for vulnerabilities through the year.
Physical security controls
Remote backups are performed regularly and stored in a different physical location from the main servers. Color and Rimuhosting provide UPS, generators, and real-time monitoring.
Full user access control
Define what users can see and do within your Ethnio account. Make sure data is safe from unauthorized users, even those within your organization – setting limits and permissions for billing, invoices, and incenitves.
HIPAA
Ethnio fully supports HIPAA compliance, but no research tool or SaaS can ever be truly HIPAA compliant as it is not about the platform, but the users.
Ethnio’s security and privacy standards meet the highest tier for research software, including every component Virta would need for approval.
Security issues or questions?
If you have any questions or want to report a vulnerability, or if you suspect someone has violated Ethnio’s terms and conditions, please contact the Ethnio Security Team at security@ethn.io