Payment Card Industry (PCI) Compliance
Our payment processor is a validated PCI DSS (Level 1) Compliant Service Provider and is on Visa’s Global Compliant Provider List and MasterCard’s SDP List.
Authentication and Session Management
We require all users to authenticate each time they use eagle.io. Passwords are never stored directly in the database; they are salted and hashed using a slow hash function to increase security. In addition, all communication between our users and us is conducted over the TLS 1.2 protocol, using a 2048-bit RSA key and the ECDH 256-bit cipher suite.
Two-Factor Authentication (optional)
Two-factor authentication adds an extra layer of security to your account. This feature is optional and can be enabled by clicking the Enable Two-Factor Authentication button. Once enabled, you will need to provide a code along with your username and password when logging in.
Data Hosting Facilities
We make exclusive use of ISO27001 compliant data hosting facilities located in Australia.
http://www.iso.org/iso/home/standards/management-standards/iso27001.htm
Prohibited Data Storage
We never store our customers' credit card numbers; these are handled by our payment processor.
User Data Segregation
Identity Assurance
We have a SHA256 certificate which assures all users that they are communicating with the genuine eagle.io website at all times.
Reliability
Disaster Recovery
Activity Observation
Change Control
Penetration Testing
At least quarterly, we conduct automated vulnerability scans. In addition, routine penetration testing is conducted to assess our security against external threats.
Securing Access
Our network has been set up in a secure fashion with minimal access to outside networks. Only VPN access is allowed to our servers from whitelisted IPs. Internally, we use segmented networks so only servers which work together can communicate with each other. We facilitate secured patching and software updates of all our systems, including watching numerous online resources for the latest vulnerabilities. All of our employees undergo training on relevant security matters that pertain to their job.
Additional Certifications
We are continually seeking to enhance our already robust security and compliance framework. We are currently undergoing assessment for inclusion in the Security, Trust and Assurance Registry of the Cloud Security Alliance, which certifies cloud provider trust and assurance.