EZ Works - Security Policy

Last Updated April 21, 2023

At EZ Works, we take the security and privacy of customer data very seriously. Keeping customer information safe is embedded into our approach to product development and execution. Our policy covers the following aspects of security: data, application, product, people, and information.

Data security

Data encryption

  • Data in transit: all data transferred between the user’s browser and our servers is encrypted in transit. We use TLS v1.2.
  • Data at rest: data is encrypted at rest in AWS using AES-256 key encryption.

Data center security

  • We use Amazon Web Services (AWS) to host our production servers, databases, and supporting services.

Data availability

  • Our production systems and data are backed up on a regular basis. We run through a checklist to verify data is recorded and usable. Backups are tested on a periodic basis.

Application security

  • Access to our systems is limited based on employee roles and responsibilities. The principle of least privilege is enforced.
  • All changes to our application are subject to peer review and testing before being merged.
  • We maintain segregated testing, development, and production environments.

Vulnerability management

  • Our security team uses third parties to conduct penetration tests to identify deficiencies in the system that may affect critical assets.
  • We use third-party security tools to continuously scan our applications, systems, and infrastructure for security risks and vulnerabilities.
  • Our code repositories are regularly scanned for security issues using static code analysis.

Product security

  • We allow you to add an extra layer of security to your account by enabling two-step verification, also called two-factor authentication. This reduces the risk of having your account accessed by anyone else.

People security

  • Security awareness

    We have a security team to enforce secure practices and respond to security incidents quickly and efficiently.
  • Policies

    We maintain a robust set of security policies that are updated periodically to meet the demands of an evolving security environment. Policies are communicated to employees and available for review at any time.
  • Training

    Our employees and contractors are required to complete security training. Our security team provides continuous education on emerging security threats and communicates updates to employees regularly.
  • Employee checks

    We perform background checks for potential candidates before hiring.
  • New-hire reviews

    All new hires are required to sign and acknowledge EZ Works’s information security policy and confidentiality agreements upon joining the team.

Information security

We have implemented industry-standard security features in the EZ Works platform. We have utilized experts who have built several secure financial applications and fintech platforms.

Category Description
Access Control
  • Social logins
  • Login attempts monitoring
  • Multi-factor authentication (MFA)
  • Authorized APIs
  • Key management services (KMS) and restricted database access
Data Transport Security
  • TLS access
  • Virtual Network
Data Security
  • Encryption of personally identifiable information (PII)
  • Data leakage prevention - tokenization
  • Encrypted data backup
Perimeter Security
  • Firewall
  • Intrusion detection system
  • Isolated environments
  • Restricted protocol access
Continuous Security
  • Vulnerability scanning
  • 24x7 Log monitoring system
  • Penetration tests

Upon request, enterprise customers will have access to our security policies, audit logs, and results of penetration testing through the course of our engagement at the beta stage.

In parallel, we have embarked on a SOC 2 (System and Organization Controls 2) compliance program with Trust Service Criteria (TSC) of security, availability, processing integrity, confidentiality, and privacy. The SOC 2 audit will be conducted after a 6-month period of operating controls in the beta environment.