We at ECHO take data security very seriously. All your data is secured and encrypted using best-in-class technology. Your encrypted data may be accessed only by authorized personnel from ECHO Institute and ECHO India, and is never shared with any 3rd party. Read our Terms of Use and Privacy Policy for more information.

<aside> ⚠️ Your password is stored in an encrypted format. ECHO employees cannot view your password, and we will never ask you for your password or one-time-passwords (6-digit code). In case you are contacted by an individual asking you for your iECHO password or OTP, please contact iECHO support immediately.

</aside>

Secure Cloud Infrastructure

• We use best-in-class server infrastructure technology from our partner AWS (Amazon Web Services)

• We have implemented best practices in infrastructure security based on the recommendations of the Amazon Cloud Security team, including

  • Strong access controls to sensitive infrastructure components
  • 2 factor authentication for security staff
  • Regular system upgrades and security patches

  … for further technical details, please contact us at [email protected]

• Our systems have been audited by an independent third party cybersecurity consulting firm

State of the art encryption and anonymization

• All data transfer within ECHO systems is encrypted using latest TLS 1.3 security protocols and is never shared with any 3rd party
• All reporting and aggregated analytics data is automatically cleaned and all personally identifiable information is removed from ECHO’s internal reporting systems

Secure-by-design — robust user authentication

• All users on iECHO have to authenticate themselves using either an email ID or a phone number, verified with a one-time-password (OTP)
• iECHO implements role-based access control (RBAC) at an organization level. Data of one organization cannot be seen by a user in another organization (hub). In addition, granular role assignments allows hub teams to choose between Owner, Admin, and Member
• This restricts unknown participants from entering the Zoom session and potentially disrupting the ECHO operations (Read more about Zoombombing)

Data Security & Data Privacy Framework

• At present, iECHO is compliant with data protection and data privacy laws in the jurisdiction of United States and India.
• We are working with legal counsel to ensure we can provide legal compliance in other global jurisdictions in due time.
• Log management: We maintain de-identified system logs of all network activity in our systems for audit purposes
• Incident management: We follow the NIST (National Institute of Standards & Technology) 5 step framework for cyber-incident response and management