Here at Everplans we are very serious about your security. We realize that you are trusting the Everplans service with the most important information and documents you own. Your information is encrypted and protected with industry-leading technology and security.
Securing Your Data at Rest
Within our systems, all your data is stored using AES-256 encryption with a uniquely derived key for each user as recommended by NIST Special Publication 800-132. We encrypt every single personally identifiable field in the database, including your name and email address. For searching and indexing, we hash a small number of fields using HMAC. We apply the same encryption technique to all files you upload.
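The three mechanisms this paragraph names (a per-user key derived as in NIST SP 800-132, AES-256 encryption of each field, and HMAC values for the few fields that must be searchable) fit together as follows. This is an added illustration in Go, not Everplans' own code: it assumes the PBKDF2 input is a server-held secret combined with a random per-user salt (the page does not say what the derivation input is), and the iteration count, master secret and index key are constructed values. PBKDF2 is written out on top of the standard library's HMAC so the block runs without third-party packages.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// PBKDF2SHA256 is PBKDF2 (NIST SP 800-132 / RFC 8018) with HMAC-SHA256 as the
// PRF: T_i = U_1 xor ... xor U_c, U_1 = PRF(secret, salt || INT(i)), U_j = PRF(secret, U_{j-1}).
func PBKDF2SHA256(secret, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, secret)
	hLen := prf.Size()
	blocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, blocks*hLen)
	var idx [4]byte
	for i := 1; i <= blocks; i++ {
		binary.BigEndian.PutUint32(idx[:], uint32(i))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// DeriveUserKey turns a server-held secret and a per-user random salt into a
// 256-bit AES key. The salt (stored with the user record, not secret) is what
// makes every user's key unique.
func DeriveUserKey(masterSecret, userSalt []byte) []byte {
	const iterations = 100000 // constructed value; size it to your hardware budget
	return PBKDF2SHA256(masterSecret, userSalt, iterations, 32)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one database field with AES-256-GCM. The stored layout is
// nonce || ciphertext || tag, so each value carries what decryption needs.
func EncryptField(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptField reverses EncryptField; a wrong key or any modification of the
// stored bytes fails GCM's tag check and returns an error, never garbage.
func DecryptField(key, stored []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, fmt.Errorf("stored value too short (%d bytes)", len(stored))
	}
	return gcm.Open(nil, stored[:gcm.NonceSize()], stored[gcm.NonceSize():], nil)
}

// BlindIndex is the HMAC used to find a record by a field such as e-mail without
// storing the field in clear. Normalising first keeps "Jane@Example.com" and
// "jane@example.com" on the same index value.
func BlindIndex(indexKey []byte, value string) string {
	mac := hmac.New(sha256.New, indexKey)
	mac.Write([]byte(strings.ToLower(strings.TrimSpace(value))))
	return hex.EncodeToString(mac.Sum(nil))
}

func main() {
	salt := make([]byte, 16)
	io.ReadFull(rand.Reader, salt)
	key := DeriveUserKey([]byte("constructed-master-secret"), salt)
	ct, _ := EncryptField(key, []byte("jane@example.com"))
	pt, _ := DecryptField(key, ct)
	fmt.Printf("stored %x\nrecovered %s\nindex %s\n", ct, pt, BlindIndex([]byte("constructed-index-key"), "Jane@Example.com"))
}
```

Two design points worth noting. The index key is deliberately not the per-user key: a lookup by e-mail happens before the server knows which user (and therefore which salt) is involved, so the index must be computed under a key shared across records, and that key must live outside the database for the HMAC to protect anything. And GCM's authentication is what turns "encrypted at rest" into "tamper-evident at rest": a modified ciphertext is rejected rather than silently decrypted to something else.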
As with any system like ours, the security of your information also depends on you. Choose a strong password (we enforce that as best we can) and never share it with anyone. Everplans is a secure system for sharing information with others via our deputy function.
Securing Your Data in Transit
All communications between you and Everplans are encrypted with TLS (commonly still called SSL) using 2048-bit certificates, and we require it on every connection. We support perfect forward secrecy, so that even someone who records your traffic cannot decrypt it later in the event that our server's private key is compromised.
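Perfect forward secrecy is a property of the key exchange, not of the certificate: the 2048-bit certificate key only signs the handshake, while the session key is agreed fresh per connection with an ephemeral (ECDHE) exchange and never travels encrypted under the long-term key. The Go server configuration below, an added example rather than anything from Everplans, shows the setting that gives forward secrecy next to the static-RSA setting that does not, plus the review check a practitioner would run over a config; all cipher-suite and curve constants are real crypto/tls identifiers.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// HardenedTLSConfig only negotiates ECDHE key exchange. A later compromise of the
// certificate's private key then cannot decrypt recorded sessions. TLS 1.3 suites
// are always forward secret and Go enables them without listing them here.
func HardenedTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		},
	}
}

// LegacyTLSConfig is the setting being avoided: with static RSA key exchange the
// client encrypts the pre-master secret to the server's long-term public key, so
// whoever obtains that private key later can decrypt every captured session.
// The protocol version is kept at 1.2 so the only defect is the key exchange.
func LegacyTLSConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
		},
	}
}

// OfferedSuites returns the IANA names of the TLS 1.2 suites a config offers.
func OfferedSuites(cfg *tls.Config) []string {
	names := make([]string, 0, len(cfg.CipherSuites))
	for _, id := range cfg.CipherSuites {
		names = append(names, tls.CipherSuiteName(id))
	}
	return names
}

// ProvidesForwardSecrecy is the review check: an explicit minimum of TLS 1.2, an
// explicit suite allow-list, and every listed suite both ECDHE-based and present
// in the table of suites Go still considers secure (tls.CipherSuites()).
func ProvidesForwardSecrecy(cfg *tls.Config) bool {
	if cfg.MinVersion < tls.VersionTLS12 {
		return false // zero means "library default", which varies by Go version
	}
	if len(cfg.CipherSuites) == 0 {
		return false // same reasoning: demand an explicit list so the check is meaningful
	}
	secure := map[uint16]bool{}
	for _, s := range tls.CipherSuites() {
		secure[s.ID] = true
	}
	for _, id := range cfg.CipherSuites {
		if !secure[id] || !strings.HasPrefix(tls.CipherSuiteName(id), "TLS_ECDHE_") {
			return false
		}
	}
	return true
}

func main() {
	for name, cfg := range map[string]*tls.Config{"hardened": HardenedTLSConfig(), "legacy": LegacyTLSConfig()} {
		fmt.Printf("%-8s forward secrecy=%v suites=%v\n", name, ProvidesForwardSecrecy(cfg), OfferedSuites(cfg))
	}
}
```

The same property is what an external scanner reports as "forward secrecy: yes" for a site; the check above is the in-repo version of that test, and it fails closed on a config that relies on defaults rather than stating what it allows.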
Operational Procedures to Keep the Site Secure
Everplans follows best practices to keep your data secure. We regularly audit our environments and code for security issues and apply patches expeditiously. We use commercial services that regularly check our site (including McAfee Secure) and we retain our own security experts to probe and verify the security of our site.
Administrative Access to your Information
Our strict internal procedures prevent any Everplans employee or administrator from gaining access to your account, beyond a limited set of data necessary to help grant you access to your account (e.g. triggering confirmation emails) and to restrict access to your account in urgent circumstances (e.g. limiting or removing a deputy's access). Everplans administrators can never see the plan information that you fill out or any documents that you upload. Everplans logs and regularly audits all accesses to your account, whether by you, an administrator or your deputies.
Two Factor Authentication
Security is not just about protecting your data, it is also about protecting access to your account. By enabling Two Factor Authentication, whenever you sign into your Everplan from a new computer, device, or browser, we will send a unique code to your phone that you must input as part of your login.
This extra layer of security makes sure that even if a bad guy steals your password from you (or from a site that’s less secure than Everplans), he won’t be able to access your Everplan.
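What makes a code sent to your phone an effective second factor is the server-side handling the two paragraphs above imply: the code is random, short-lived, usable once, and a guess budget stops someone who has the password from simply trying all of them. The Go block below is an added example of that handling, not Everplans' implementation; the six-digit length, five-minute lifetime, five-attempt budget and server key are constructed values, and delivery to the phone is left to the caller.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const (
	codeDigits  = 6
	codeTTL     = 5 * time.Minute // constructed policy values
	maxAttempts = 5
)

// pendingCode is all the server keeps per login: never the code itself, only a
// keyed hash of it, its expiry, and how many guesses have been consumed.
type pendingCode struct {
	mac      []byte
	expires  time.Time
	attempts int
}

// CodeStore holds outstanding codes keyed by login session. serverKey is a
// constructed server-side secret: with only a million possible codes, an
// unkeyed hash would be trivially reversible if the table leaked.
type CodeStore struct {
	serverKey []byte
	pending   map[string]*pendingCode
}

func NewCodeStore(serverKey []byte) *CodeStore {
	return &CodeStore{serverKey: serverKey, pending: map[string]*pendingCode{}}
}

// tag binds the code to one login session, so a code issued for one login is
// not accepted for another.
func (s *CodeStore) tag(session, code string) []byte {
	m := hmac.New(sha256.New, s.serverKey)
	m.Write([]byte(session + "\x00" + code))
	return m.Sum(nil)
}

// Issue draws a uniform code from crypto/rand, records its MAC and expiry, and
// returns the code for delivery to the phone. Reissuing replaces any earlier
// code for the same session, so at most one code is ever valid.
func (s *CodeStore) Issue(session string, now time.Time) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%0*d", codeDigits, n.Int64())
	s.pending[session] = &pendingCode{mac: s.tag(session, code), expires: now.Add(codeTTL)}
	return code, nil
}

// Verify accepts a code at most once, only before expiry, and only within the
// guess budget. The comparison is constant-time and every call burns an attempt.
func (s *CodeStore) Verify(session, code string, now time.Time) error {
	p, ok := s.pending[session]
	if !ok {
		return errors.New("no code outstanding")
	}
	if now.After(p.expires) {
		delete(s.pending, session)
		return errors.New("code expired")
	}
	if p.attempts >= maxAttempts {
		delete(s.pending, session)
		return errors.New("too many attempts; request a new code")
	}
	p.attempts++
	if !hmac.Equal(p.mac, s.tag(session, code)) {
		return errors.New("incorrect code")
	}
	delete(s.pending, session) // one-time use: a replayed code is rejected
	return nil
}

func main() {
	store := NewCodeStore([]byte("constructed-server-key"))
	now := time.Now()
	code, _ := store.Issue("login-42", now)
	fmt.Println("sent to phone:", code)
	fmt.Println("first use:", store.Verify("login-42", code, now))
	fmt.Println("replay:", store.Verify("login-42", code, now))
}
```

Two of the checks deserve emphasis for the threat the page describes (a stolen password). The attempt budget is what makes a six-digit code adequate: without it, a million guesses is a small job for an automated client. And the code is consumed on first success, so a code observed in transit or on a shared screen cannot be reused for a second login.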
Everplans is compliant under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which means we manage the privacy and security of your information in accordance with the extremely formal and rigorous requirements of HIPAA, a compliance framework designed to protect sensitive personal and health information, especially any information held electronically. Not only do we hold ourselves to this high standard, we ensure that any external parties through which your information is transmitted are liable for protecting the privacy and security of your information to the same extent as us.
Everplans has undergone a Type II Service Organization Control 2 (SOC 2) examination, resulting in an independent CPA’s report and certification. A SOC 2 Type II report assures you that Everplans has established and continues to follow strict information security policies and procedures, and provides independent, third-party verification that Everplans’ operations meet or exceed defined levels of processes and controls for the security of customer data.