800+ Companies Trust Estateably! At Estateably, the security and privacy of your client data is our top priority. We’ve built our product according to the highest security standards and industry best practices. Estateably meets SOC 2 compliance standards and we regularly conduct comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.

Product security & reliability

Estateably offers many security features, including SAML SSO and Role-based access controls, to ensure best-in-class protection.

Single sign-on (SSO)

Estateably supports single sign-on (SSO). By using the customer’s existing identity management solution, Estateably provides an easy and secure way for companies to manage their team members’ access. Estateably supports identity providers like Google G Suite, Azure Active Directory, OneLogin, and Okta. Estateably also supports both SAML and OAuth-based OpenID Connect.

Role-based access control (RBAC)

Estateably supports role-based access control, which means the access of team members within an organization is dictated by their role (e.g. viewer, collaborator, editor, or administrator). Administrators can create or edit roles, assign team members specific roles, or revoke access using the Estateably account dashboard.
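To make the model concrete, here is an added example (not Estateably's code) of a minimal role-based access control layer of the kind the paragraph describes: permissions attach to roles rather than to users, every check is deny-by-default, and the administrative operations (creating roles, assigning and revoking them) are themselves gated on an administrator permission. The role names, the permission vocabulary, and the user names are constructed for illustration and are not the product's actual role set.

```python
from __future__ import annotations

# Constructed permission vocabulary and default roles (assumption, not the product's own).
READ, COMMENT, WRITE, MANAGE_ROLES = "read", "comment", "write", "manage_roles"

DEFAULT_ROLES: dict[str, frozenset[str]] = {
    "viewer": frozenset({READ}),
    "collaborator": frozenset({READ, COMMENT}),
    "editor": frozenset({READ, COMMENT, WRITE}),
    "administrator": frozenset({READ, COMMENT, WRITE, MANAGE_ROLES}),
}


class PermissionDenied(Exception):
    pass


class RBAC:
    """Role-to-permission mapping with deny-by-default checks.

    Permissions are never attached to users directly: a user gets only what
    their assigned roles grant, and an unknown user or role grants nothing.
    """

    def __init__(self, roles: dict[str, frozenset[str]] | None = None) -> None:
        self.roles: dict[str, frozenset[str]] = dict(roles or DEFAULT_ROLES)
        self.assignments: dict[str, set[str]] = {}  # user -> set of role names

    def permissions_of(self, user: str) -> frozenset[str]:
        # Union of the permissions of every role assigned to the user.
        granted: set[str] = set()
        for role in self.assignments.get(user, set()):
            granted |= self.roles.get(role, frozenset())
        return frozenset(granted)

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.permissions_of(user)

    def require(self, user: str, permission: str) -> None:
        if not self.is_allowed(user, permission):
            raise PermissionDenied(f"{user} lacks {permission}")

    # Administrative operations: each one first checks the acting user.
    def define_role(self, actor: str, name: str, perms: set[str]) -> None:
        self.require(actor, MANAGE_ROLES)
        self.roles[name] = frozenset(perms)

    def assign(self, actor: str, user: str, role: str) -> None:
        self.require(actor, MANAGE_ROLES)
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def revoke(self, actor: str, user: str, role: str) -> None:
        self.require(actor, MANAGE_ROLES)
        self.assignments.get(user, set()).discard(role)

    def bootstrap_admin(self, user: str) -> None:
        # The first administrator is seeded without an actor check, since no
        # one exists yet who could authorize it; refuse to run a second time.
        if any(MANAGE_ROLES in self.roles.get(r, ())
               for rs in self.assignments.values() for r in rs):
            raise PermissionDenied("an administrator already exists")
        self.assignments.setdefault(user, set()).add("administrator")


def demo() -> dict[str, bool]:
    """Walk through assignment, a blocked self-escalation, and revocation."""
    rbac = RBAC()
    rbac.bootstrap_admin("alice")
    rbac.assign("alice", "bob", "viewer")
    rbac.assign("alice", "carol", "editor")
    results = {
        "bob_can_read": rbac.is_allowed("bob", READ),
        "bob_can_write": rbac.is_allowed("bob", WRITE),
        "carol_can_write": rbac.is_allowed("carol", WRITE),
        "carol_can_manage": rbac.is_allowed("carol", MANAGE_ROLES),
    }
    # A non-administrator cannot grant roles, not even to themselves.
    try:
        rbac.assign("bob", "bob", "administrator")
        results["bob_escalated"] = True
    except PermissionDenied:
        results["bob_escalated"] = False
    # An administrator creates a custom role, assigns it, then revokes it.
    rbac.define_role("alice", "auditor", {READ, COMMENT})
    rbac.assign("alice", "dave", "auditor")
    results["dave_can_comment"] = rbac.is_allowed("dave", COMMENT)
    rbac.revoke("alice", "dave", "auditor")
    results["dave_after_revoke"] = rbac.is_allowed("dave", READ)
    return results


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check}: {value}")
```

The design point worth noticing is that `assign`, `revoke` and `define_role` all pass through the same `require` check as ordinary data access, so the administrative surface cannot be used to escalate privilege by a user who does not already hold `manage_roles`; revocation takes effect immediately because permissions are recomputed from the current role assignments on every check rather than cached per user.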

Uptime

Estateably has 99% or higher uptime.

Please visit our status page for more information.

Disaster Recovery Exercise

Estateably conducts an annual Disaster Recovery Exercise to verify the resilience of our systems and processes and ensure rapid recovery during disruptions. This exercise includes simulating different disaster scenarios to evaluate the effectiveness of our disaster recovery plans and procedures.

Cloud Security

Estateably’s security and availability architecture is built on SOC 2 controls, implementing best-practice protections based on industry standards.

Logical Access

Access to the Estateably Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the Estateably Production Network are required to use multiple factors of authentication and to complete extensive background checks, alongside many other technical and administrative controls.

Permissions and Authentication

Access to customer data is limited to authorized privileged employees who require it for their job responsibilities. Estateably runs a zero-trust corporate network. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on OKTA, GitHub, Google, AWS, and Estateably to ensure access to cloud services is protected.

Encryption

All data sent to or from Estateably is encrypted in transit using 256-bit encryption. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.

Security Incident Response

In case of a system alert, events are escalated to Estateably’s teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Application Security

We prioritize security at every stage of our application development process to safeguard against vulnerabilities and attacks, ensuring the integrity, confidentiality, and availability of our software.

Secure Development Lifecycle (SDLC)

In our Secure Development Lifecycle (SDLC), we embed security from the planning stage by incorporating security requirements and conducting threat modelling to identify and mitigate risks. Developers adhere to secure coding practices to prevent vulnerabilities like SQL injection and XSS. Automated security tests, including static and dynamic code analysis, are integrated into our CI/CD pipelines to detect and address issues early, ensuring robust application security from the outset.

Vulnerability Management

Our Vulnerability Management program involves regular scanning using industry-leading tools to identify potential security issues, timely patch management to address vulnerabilities, and bug bounty programs that encourage external researchers to find and report security flaws.

Penetration Testing

We ensure robust application security through comprehensive penetration testing, engaging reputable third-party firms to simulate real-world attacks and identify weaknesses. Additionally, our internal security team regularly conducts penetration tests and audits to maintain ongoing security and compliance, addressing vulnerabilities promptly to uphold the integrity of our software.

Code Reviews

Our Code Review process includes static analysis to automatically detect vulnerabilities, dynamic analysis to test running applications for security flaws, and peer reviews where developers examine each other’s code to spot and mitigate potential security issues, ensuring robust and secure code quality.

Security Features

Our Security Features encompass data encryption for both data at rest and in transit, strict input validation and sanitization to prevent injection attacks, and the implementation of secure APIs with authentication, authorization, and encryption. These measures ensure the protection of sensitive data and functionality, maintaining the highest level of security across our applications.

Compliance

At Estateably, we prioritize compliance with industry standards and regulations. We maintain SOC 2 certification and adhere to industry standards for HIPAA, GDPR, and PCI. Our commitment to compliance is reflected in our regular security audits, adherence to policies, and robust risk management strategies.

Audit and Reporting

At Estateably, we consider regular security audits and compliance reporting essential components of our dedication to upholding stringent security and compliance standards. These audits, conducted annually with external parties and periodically internally, enable us to evaluate our security protocols, pinpoint potential vulnerabilities, and uphold regulatory compliance.

Policy Management

Our robust policy management framework encompasses the development and enforcement of information security policies and employee training initiatives. These policies outline the standards and procedures that govern the handling of sensitive data, access controls, and security protocols.

Risk Management

At Estateably, we prioritize proactive risk management to identify, assess, and mitigate potential threats to our systems and data. Our risk management process includes regular risk assessments to identify vulnerabilities and evaluate their potential impact on our operations. Based on these assessments, we develop comprehensive mitigation strategies to address identified risks effectively.

If you would like to review our SOC 2 Type II report, please send us a request to [email protected].

Privacy & Data Protection

At Estateably, we understand the importance of privacy and data protection for our customers. We are committed to safeguarding the confidentiality, integrity, and availability of their data through comprehensive privacy and data protection measures. Our dedication to privacy extends across all aspects of our operations, from data collection and processing to storage and sharing. With robust policies, encryption technologies, and strict access controls in place, we prioritize the protection of our customers' sensitive information, ensuring their trust and confidence in our services.

Data Privacy

We adhere to the principles of data privacy by design, data minimization, and anonymization techniques. We prioritize embedding privacy considerations into our products and services from the outset, ensuring that privacy is a fundamental aspect of our operations. By minimizing the collection and processing of personal data to only what is necessary for our business purposes, we reduce the risk of unauthorized access or misuse. Additionally, we employ anonymization techniques to protect individual privacy while still extracting valuable insights from data.

Data Encryption

At Estateably, we utilize industry-standard encryption technologies to protect the confidentiality and integrity of our customers' data. Data encryption is a cornerstone of our security strategy, with AES-256 encryption used for data at rest and Transport Layer Security (TLS) employed for data transmitted over networks.

Access Controls

Access to customer data is limited to authorized privileged employees who require it for their job responsibilities. Estateably runs a zero-trust corporate network. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on OKTA, GitHub, Google, AWS, and Estateably to ensure access to cloud services is protected.

Data Retention and Disposal

We are committed to responsible data management practices, including data retention and disposal. We adhere to strict data retention policies that govern the length of time we retain customer data, ensuring that data is retained only for as long as necessary to fulfill its intended purpose or comply with legal requirements. When data reaches the end of its lifecycle, we employ secure deletion practices to permanently erase it from our systems, minimizing the risk of unauthorized access or misuse.

For more information, you can access our Privacy Policy here.