Security and compliance are of paramount importance to us. We focus on providing a secure environment that goes above and beyond industry security standards and guidelines. The following is an overview of the steps we take to secure our customers’ most sensitive information.
We appreciate and respect responsible disclosure. Report an issue and we will respond within 24 hours.
Payment Card Industry (PCI) Compliance
Our payment processor is a validated PCI DSS (Level 1) Compliant Service Provider and is on Visa’s Global Compliant Provider List and MasterCard’s SDP List.
Authentication and Session Management
We require all users to authenticate each time they use eagle.io. Passwords are never stored directly in the database, but are salted and hashed using a slow hash function to increase security. In addition, all communication between our users and us is conducted in a highly secure fashion using the TLS 1.2 protocol, a 2048-bit RSA key, and the ECDH 256-bit cipher suite.
Two-Factor Authentication (optional)
Two-Factor authentication adds an extra layer of security to your account. This feature is optional, and can be enabled by clicking the Enable Two-Factor Authentication button. Once enabled, you will need to provide a code along with your username and password when logging in.
Data Hosting Facilities
We make exclusive use of ISO27001 compliant data hosting facilities located in Australia.
Prohibited Data Storage
We never store our customers’ credit card numbers; these are handled by our payment processor.
User Data Segregation
We have a SHA256 certificate which assures all users that they are communicating with the genuine eagle.io website at all times.
Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPs. Internally, we use segmented networks so only servers which work together can communicate with each other. We facilitate secured patching and software updates of all our systems, including watching numerous online resources for the latest vulnerabilities. All of our employees undergo training on relevant security matters that pertain to their job.
We have been awarded ISO 27001:2013 (Information Security Management Systems) certification.
We are continually seeking to enhance our already robust security and compliance framework. We are currently undergoing assessment for inclusion in the Security, Trust and Assurance Registry of the Cloud Security Alliance, which certifies cloud provider trust and assurance.
This document was last modified on June 15, 2021.