Security at Evren

 
 

Thispageprovidesa noverviewo fthesecuritymeasurestakenb yEvent oprotectsourcecode,vulnerabilitydataanduserdatahostedo nourplatformfromunauthorizedaccess. Whererelevant,w eincludelinkst osecurityguidelinesa n dresourcesdevelopedb ythirdparties.

Data Storage

Evren is operating on the Amazon Web Services (AWS) platform. Ali data is stored encrypted at rest and continuously backed up securely. The AWS data centers employ a set of advanced physical, network and software security measures to ensure integrity and safety of customers' data. Additionally, Evren follows ali applicable security best practices, such as:

  • Secure access: Data transferred between Evren servers on AWS and other facilities is secured via SSL endpoints using the HTTPS protocol.
  • Multi-factor authentication: Use of multi-factor authentication is enforced for all critical services used by Evren thus reducing the risk of unauthorized access.

Evren does not store any sensitive customer or end-user data. Ali üşer data across systems can be deleted upon request.

Data Transfer

Evren uses a secure channel using 256-bit SSL (Secure Socket Layers) encryption, the standard for secure Internet connections for ali the traffic between desktop clients, mobile devices and our servers as well. Ali SSL termination points are hardened to provide highest levels of security.

Evren uses Let's Encrypt certificates to ensure secure and short lived certificates that are automatically renewed on a quarterly basis.

Patch Management

Wherever possible, Evren relies on managed services, which take care of ali updates and security fixes automatically and in the most timely fashion possible.

Evren has an internal Vulnerability Management Policy to ensure ali un-managed systems are kept up-to-date and free of known vulnerabilities.

Secure Coding

Evren uses GuardRaiIs to continuously check for security issues in code, known vulnerabilities in dependencies and hard-coded secrets.

It's our policy to fix ali issues in a PR, before the changes can be merged. For critical repositories, a peer-review workflow is required to merge changes.

Incident Response Plan

Evren has an internal Data Breach Response Policy and an incident Response Plan to ensure timely action in the unlikely event of a breach.

Logging and Monitoring

Both application logs and production system logs are sent in real time to a centralized logging infrastructure. These logs are not directly accessible outside our organization. Logs do not contain sensitive data, or passwords and are retained for 18 months.

Privacy

For information on our privacy guidelines, please View our privacy policy

Bug Reporting

We encourage responsible reporting of security vulnerabilities and software bugs. in the case that you found a vulnerability, please report it to Informationsecurity@evren.co and abstain from publicly announcing it before it is fixed. Please note that we discourage attempts to gain illegitimate access to another user's account or data, compromise the reliability and/or integrity of our services, and üşe of automated tools to find vulnerabilities.

Our community plays an important role in helping us stay bug-free and secure.