Data Security Policy
This document outlines the Data Security Policy of Ecosysteme.ai.
We are committed to ensuring the confidentiality, integrity, and availability of your data across our platform and services.
1. Scope
1.1 This policy describes the technical and organizational security measures implemented by Ecosysteme.ai to protect your data. It may be updated from time to time, but the terms effective at the time of subscription will remain applicable for the duration of your contract.
1.2 All defined terms used herein refer to those found in the Ecosysteme.ai Terms and Conditions.
2. Organisational Access Control
2.1 Ecosysteme.ai employees are required to follow strict internal policies, which include:
(a) An obligation not to disclose any proprietary or Subscriber-related information to unauthorized parties.
(b) An obligation to report any actual or suspected security incidents to management without delay.
2.2 Ecosysteme.ai staff only access Subscriber Data on a need-to-know basis in the following cases:
(a) Technical support.
(b) System administration, maintenance, and backups.
(c) Actions explicitly authorized in writing by the Subscriber.
2.3 Background checks are performed for employees with access to Subscriber Data during hiring.
2.4 Employees receive mandatory training on data protection and security at onboarding and at regular intervals.
3. Cloud Infrastructure
3.1 Ecosysteme.ai uses industry-leading cloud infrastructure providers (IaaS) to host and process data securely.
3.2 Our IaaS providers:
(a) Restrict access to infrastructure and Subscriber Data to authorized personnel with a legitimate business need.
(b) Log and audit all physical access to their data centres.
(c) Inform us of the geographic locations of data centres, which may span several global regions.
(d) Monitor critical systems and perform preventive maintenance.
(e) Have robust disaster and environmental protection systems in place.
3.3 All data centres:
(a) Are live and production-ready (not “cold” facilities).
(b) Automatically reroute data in case of failure.
(c) Have redundant power, fire suppression, and environmental controls.
(d) Ensure 24/7 uptime through fully redundant systems and real-time monitoring.
4. Technical Security Measures
4.1 Our platform uses current security agents, antivirus, and malware protection with timely patch management.
4.2 We maintain a Disaster Recovery Plan aligned with our SLAs (Recovery Time Objectives and Recovery Point Objectives).
4.3 Penetration testing by Subscribers is not permitted unless explicitly authorized in writing.
4.4 Database infrastructure is securely isolated from application servers and internet exposure via firewalls.
4.5 All data in transit is encrypted using AES-256 or equivalent encryption standards.
4.6 Access to our platform is restricted to:
(a) HTTPS-secured sessions.
(b) Authenticated accounts with strong passwords.
4.7 Passwords are never stored or transmitted in plain text.
4.8 Our infrastructure is protected against intrusion at network, host, and application levels using industry-standard firewalls.
4.9 Virtualized instances hosted by IaaS providers are isolated via hypervisors to ensure tenant separation.
4.10 Our providers access virtualized disk volumes only — no raw disk access is permitted.
5. Exclusions
5.1 Some third-party services may integrate with our platform and process Subscriber Data.
5.2 This policy does not apply to any data processed, stored, or transmitted outside the Ecosysteme.ai platform.
5.3 We are not liable for the security practices or failures of third-party services used independently by Subscribers.
5.4 This policy excludes:
(a) Any information shared with us that is not stored within the Ecosysteme.ai platform.
(b) Data processed through Subscriber-controlled VPNs or third-party networks not contracted by Ecosysteme.ai.
5.5 Ecosysteme.ai excludes liability for any breach, misuse, or loss of data resulting from usage that violates this policy or our Terms of Service.
We are committed to ensuring the confidentiality, integrity, and availability of your data across our platform and services.
1. Scope
1.1 This policy describes the technical and organizational security measures implemented by Ecosysteme.ai to protect your data. It may be updated from time to time, but the terms effective at the time of subscription will remain applicable for the duration of your contract.
1.2 All defined terms used herein refer to those found in the Ecosysteme.ai Terms and Conditions.
2. Organisational Access Control
2.1 Ecosysteme.ai employees are required to follow strict internal policies, which include:
(a) An obligation not to disclose any proprietary or Subscriber-related information to unauthorized parties.
(b) An obligation to report any actual or suspected security incidents to management without delay.
2.2 Ecosysteme.ai staff only access Subscriber Data on a need-to-know basis in the following cases:
(a) Technical support.
(b) System administration, maintenance, and backups.
(c) Actions explicitly authorized in writing by the Subscriber.
2.3 Background checks are performed for employees with access to Subscriber Data during hiring.
2.4 Employees receive mandatory training on data protection and security at onboarding and at regular intervals.
3. Cloud Infrastructure
3.1 Ecosysteme.ai uses industry-leading cloud infrastructure providers (IaaS) to host and process data securely.
3.2 Our IaaS providers:
(a) Restrict access to infrastructure and Subscriber Data to authorized personnel with a legitimate business need.
(b) Log and audit all physical access to their data centres.
(c) Inform us of the geographic locations of data centres, which may span several global regions.
(d) Monitor critical systems and perform preventive maintenance.
(e) Have robust disaster and environmental protection systems in place.
3.3 All data centres:
(a) Are live and production-ready (not “cold” facilities).
(b) Automatically reroute data in case of failure.
(c) Have redundant power, fire suppression, and environmental controls.
(d) Ensure 24/7 uptime through fully redundant systems and real-time monitoring.
4. Technical Security Measures
4.1 Our platform uses current security agents, antivirus, and malware protection with timely patch management.
4.2 We maintain a Disaster Recovery Plan aligned with our SLAs (Recovery Time Objectives and Recovery Point Objectives).
4.3 Penetration testing by Subscribers is not permitted unless explicitly authorized in writing.
4.4 Database infrastructure is securely isolated from application servers and internet exposure via firewalls.
4.5 All data in transit is encrypted using AES-256 or equivalent encryption standards.
4.6 Access to our platform is restricted to:
(a) HTTPS-secured sessions.
(b) Authenticated accounts with strong passwords.
4.7 Passwords are never stored or transmitted in plain text.
4.8 Our infrastructure is protected against intrusion at network, host, and application levels using industry-standard firewalls.
4.9 Virtualized instances hosted by IaaS providers are isolated via hypervisors to ensure tenant separation.
4.10 Our providers access virtualized disk volumes only — no raw disk access is permitted.
5. Exclusions
5.1 Some third-party services may integrate with our platform and process Subscriber Data.
5.2 This policy does not apply to any data processed, stored, or transmitted outside the Ecosysteme.ai platform.
5.3 We are not liable for the security practices or failures of third-party services used independently by Subscribers.
5.4 This policy excludes:
(a) Any information shared with us that is not stored within the Ecosysteme.ai platform.
(b) Data processed through Subscriber-controlled VPNs or third-party networks not contracted by Ecosysteme.ai.
5.5 Ecosysteme.ai excludes liability for any breach, misuse, or loss of data resulting from usage that violates this policy or our Terms of Service.