Security at Elate
Commitment to Security and Privacy
At Elate, we strive to always provide a secure environment for our clients’ important business data. We continually evaluate our security policies and ensure that we are using industry best practices. Each employee at Elate knows the importance of protecting client data and we are committed to going above and beyond to meet our customers’ needs.

End-to-end Encryption
Elate uses end-to-end encryption to protect data being transmitted to our back-end systems and keeps it encrypted while at rest. As an extra precaution, all credentials required for communication with third parties are encrypted at the column level. This extra layer helps to ensure that your connections to any third-party systems cannot be abused.

Roles and Permissions
We use a strict set of role and permission rules to ensure that no data is shared with an unauthorized user. Data is locked down at organization, group, and object visibility levels so that a bad actor cannot access organizational data they are not permitted to access.

Authentication
Elate currently offers OAuth via Google as well as standard username and password when authenticating with our systems. We are always working to add additional secure mechanisms for authentication. On request, an organization can have modes of authentication disabled for their users.

The default authentication method for third-party systems is OAuth2. If it is not available, Elate securely encrypts and stores API keys.

Data Privacy
Your organization’s data is yours to keep. Elate does not sell customer data to anyone. Elate goes one step further and ensures that your metric information is always stored in aggregate and that the source data is not persisted on our servers.

For additional information, you can view our full privacy policy here.

Access Control
Elate does not interact with third-party customer data except to investigate any customer-reported issues. Admin access is very tightly controlled at Elate. Only a select few members of the team are given access to our highest API access level, and they must use more secure means of authentication. Our database access is limited to only essential personnel who administer it.

Backups and DR
All data collected by Elate is regularly backed up to ensure a safe data recovery process. Elate also provides a 4-day rolling window for backups. Old backups are safely destroyed when no longer required.

Platform Security
Elate’s back-end systems are managed via Heroku. Heroku regularly performs audits and maintains PCI, HIPAA, ISO, and SOC compliance. For a complete list of security certifications, you can visit Heroku.com/compliance.