This
article confirms the robust security and confidentiality measures implemented
within the EMAK e-fax product. We are committed to protecting your sensitive
information through strict access controls, encryption, and adherence to
Canadian data hosting standards.
Key
Security Controls
1. Data Encryption
|
State
|
Control
|
Details
|
|
Data In Transit
|
HTTPS / TLS Encryption
|
All communication,
including portal access and data transfer via the REST API to our carrier, is
secured using HTTPS (TLS), preventing eavesdropping or interception.
|
|
Data At Rest
|
AES-256 Encryption
|
Fax documents (PDFs)
are stored in AWS S3 buckets and encrypted using SSE-S3 (Server-Side
Encryption with Amazon S3-managed keys), utilizing the industry-standard AES-256
algorithm.
|
2. Data Location and
Sovereignty
·
Hosting Location: All
customer data, including fax PDFs, is hosted exclusively in Canada
within the AWS ca-central-1 region.
·
Purpose: This
strict adherence to Canadian hosting ensures compliance with data residency
requirements.
3. Access Control and
Auditing
·
User-Specific Access:
Access to the user portal requires unique user accounts protected by
password requirements. Access to documents is strictly on a per-user basis.
·
Detailed Audit Logging: The
system maintains a comprehensive audit trail. All file access, faxes sent,
and platform actions are logged and permanently associated with the
logged-in user who performed the activity.
·
Internal Access Control:
Strict internal policies and technical access controls are in place to prevent
unauthorized access to client data by internal staff. Access is only
granted to authorized personnel with a legitimate, documented business need.
4. Data Transmission and
Confidentiality
·
Secure Carrier Integration: We
transmit fax data to our carrier (a regulated CLEC) over a secure, encrypted REST
API connection, maintaining confidentiality throughout the entire digital
path before delivery.
Data
Retention and Management
·
User-Defined Policy:
Clients have full control over their data lifecycle. While the default
retention is perpetual (until manually deleted by the client), users can
configure granular, automatic deletion policies.
·
Retention Options:
Available retention periods include 1 day, 7 days, 30 days, 90 days, or 365
days. Once this period expires, the records are securely and automatically
purged from the system.
This summary provides
assurance that eFax employs robust, industry-standard security controls to
maintain confidentiality and protect your data throughout its lifecycle.