EchoSpan Trust Center
Security, privacy, and compliance information for customers and partners
EchoSpan is committed to maintaining the security, privacy, and reliability of our platform and the data entrusted to us by our customers. This Trust Center provides an overview of our security practices, data protection measures, and operational controls. The materials below are intended to support customer due diligence and provide transparency into how EchoSpan safeguards sensitive information. For additional questions or requests, please contact support@echospan.com.
This document governs the protection and use of confidential information exchanged in connection with our services. It is designed to reflect how EchoSpan delivers and supports its platform and is used consistently across our customer base.
This document provides an overview of EchoSpan’s security practices, controls, and infrastructure supporting the delivery of its SaaS platform. EchoSpan is committed to protecting the confidentiality, integrity, and availability of customer data through a combination of technical safeguards, operational processes, and secure cloud infrastructure. The controls described herein are designed to align with industry best practices and support customer security and compliance requirements.
This document provides an overview of EchoSpan’s Business Continuity and Disaster Recovery (BCP/DR) program, including the processes and controls in place to maintain service availability and protect customer data in the event of a disruption. EchoSpan’s approach is designed to support timely recovery of critical systems while preserving the security and integrity of the platform. The program is reviewed and tested periodically to ensure continued effectiveness.
This Data Processing Addendum (DPA) outlines EchoSpan’s obligations and commitments with respect to the processing of personal data on behalf of its customers. It defines the roles and responsibilities of each party and describes the safeguards in place to ensure that personal data is handled securely and in accordance with applicable data protection laws. This DPA forms part of the agreement governing the use of EchoSpan’s services.
This document provides a detailed overview of how EchoSpan handles customer data within the platform, including how data is collected, processed, stored, and protected. It also outlines the controls available to customers to manage data access, limit exposure, configure platform features, and align usage with internal privacy and security requirements. It is incorporated by reference into the DPA.
EchoSpan is committed to protecting the privacy of individuals whose data is processed through its platform. Our Privacy Policy outlines how we collect, use, disclose, and safeguard personal information in connection with our services. It also describes the rights available to individuals under applicable data protection laws and how those rights may be exercised.
EchoSpan conducts periodic third-party penetration testing to evaluate the security of its platform and identify potential vulnerabilities. These assessments are performed by independent security firms and include testing across authentication, authorization, data protection, and application security controls. Identified findings are reviewed and remediated as appropriate.
Subprocessors
EchoSpan utilizes a limited number of subprocessors to support the delivery of its services. These providers are engaged for core functions such as cloud infrastructure and AI-powered features. All subprocessors are evaluated for security and privacy practices and are contractually required to protect customer data in a manner consistent with EchoSpan’s Data Processing Addendum. Subprocessors process personal data only as necessary to provide the services and in accordance with EchoSpan’s instructions.
Current subprocessors include:
Microsoft Azure (Cloud Hosting and Database Infrastructure)
Provides secure cloud infrastructure, including application hosting and managed SQL database services.
OpenAI (AI Processing Services)
Supports AI-powered features within the EchoSpan platform. Data is processed solely to provide requested functionality and is not used to train publicly available models.
MailGun (SMTP Services)
Optional feature for sending system email messages, hosted in the EU.
Stripe (Payment Processing Services)
Processes customer payment transactions and related billing information.
Current subprocessors include:
Microsoft Azure (Cloud Hosting and Database Infrastructure)
Provides secure cloud infrastructure, including application hosting and managed SQL database services.
OpenAI (AI Processing Services)
Supports AI-powered features within the EchoSpan platform. Data is processed solely to provide requested functionality and is not used to train publicly available models.
MailGun (SMTP Services)
Optional feature for sending system email messages, hosted in the EU.
Stripe (Payment Processing Services)
Processes customer payment transactions and related billing information.
EchoSpan’s platform is hosted on Microsoft Azure, a cloud infrastructure provider that maintains independent security and compliance certifications, including SOC 2 and ISO 27001. These certifications reflect Azure’s adherence to rigorous standards for security, availability, and confidentiality at the infrastructure level. EchoSpan leverages these controls as part of its overall security architecture.
Note: Microsoft’s SOC 2 report is available through the Microsoft Service Trust Portal and requires registration and login. This is standard for access to Microsoft compliance documentation.
Other Documents
About Our Security & Compliance Review Process
EchoSpan provides a comprehensive set of security, privacy, and compliance materials designed to support customer due diligence and procurement processes. These resources include our Data Processing Addendum (DPA), security overview, business continuity documentation, subprocessor disclosures, and related materials available through our Trust Center.
Our standard documentation is designed to align with industry best practices and supports the needs of the vast majority of customer deployments.
For standard engagements, EchoSpan utilizes its established documentation and does not typically support extensive customization of legal agreements or completion of large, enterprise-specific security frameworks.
If there are specific requirements or concerns that are critical to your organization, we are happy to review those individually and determine whether they can be addressed within our existing framework.
For larger-scale or enterprise deployments, EchoSpan can support more customized legal, security, and compliance requirements. These engagements are evaluated and scoped based on the nature and scale of the implementation.
For additional information or to discuss specific requirements, please contact support@echospan.com.
Our standard documentation is designed to align with industry best practices and supports the needs of the vast majority of customer deployments.
For standard engagements, EchoSpan utilizes its established documentation and does not typically support extensive customization of legal agreements or completion of large, enterprise-specific security frameworks.
If there are specific requirements or concerns that are critical to your organization, we are happy to review those individually and determine whether they can be addressed within our existing framework.
For larger-scale or enterprise deployments, EchoSpan can support more customized legal, security, and compliance requirements. These engagements are evaluated and scoped based on the nature and scale of the implementation.
For additional information or to discuss specific requirements, please contact support@echospan.com.