EchoSpan Trust Center

This document provides an overview of EchoSpan’s security practices, controls, and infrastructure supporting the delivery of its SaaS platform. EchoSpan is committed to protecting the confidentiality, integrity, and availability of customer data through a combination of technical safeguards, operational processes, and secure cloud infrastructure. The controls described herein are designed to align with industry best practices and support customer security and compliance requirements.

This document provides an overview of EchoSpan’s Business Continuity and Disaster Recovery (BCP/DR) program, including the processes and controls in place to maintain service availability and protect customer data in the event of a disruption. EchoSpan’s approach is designed to support timely recovery of critical systems while preserving the security and integrity of the platform. The program is reviewed and tested periodically to ensure continued effectiveness.

This Data Processing Addendum (DPA) outlines EchoSpan’s obligations and commitments with respect to the processing of personal data on behalf of its customers. It defines the roles and responsibilities of each party and describes the safeguards in place to ensure that personal data is handled securely and in accordance with applicable data protection laws. This DPA forms part of the agreement governing the use of EchoSpan’s services.

EchoSpan is committed to protecting the privacy of individuals whose data is processed through its platform. Our Privacy Policy outlines how we collect, use, disclose, and safeguard personal information in connection with our services. It also describes the rights available to individuals under applicable data protection laws and how those rights may be exercised.

EchoSpan conducts periodic third-party penetration testing to evaluate the security of its platform and identify potential vulnerabilities. These assessments are performed by independent security firms and include testing across authentication, authorization, data protection, and application security controls. Identified findings are reviewed and remediated as appropriate.

EchoSpan utilizes a limited number of subprocessors to support the delivery of its services. These providers are engaged for core functions such as cloud infrastructure and AI-powered features. All subprocessors are evaluated for security and privacy practices and are contractually required to protect customer data in a manner consistent with EchoSpan’s Data Processing Addendum. Subprocessors process personal data only as necessary to provide the services and in accordance with EchoSpan’s instructions.

Current subprocessors include:

Microsoft Azure (Cloud Hosting and Database Infrastructure)
Provides secure cloud infrastructure, including application hosting and managed SQL database services.

OpenAI (AI Processing Services)
Supports AI-powered features within the EchoSpan platform. Data is processed solely to provide requested functionality and is not used to train publicly available models.

MailGun (SMTP Services)
Optional feature for sending system email messages, hosted in the EU.

Stripe (Payment Processing Services)
Processes customer payment transactions and related billing information.

EchoSpan’s platform is hosted on Microsoft Azure, a cloud infrastructure provider that maintains independent security and compliance certifications, including SOC 2 and ISO 27001. These certifications reflect Azure’s adherence to rigorous standards for security, availability, and confidentiality at the infrastructure level. EchoSpan leverages these controls as part of its overall security architecture.

• Standard Terms and Conditions
• GDPR Compliance Statement