Everplans knows top-of-the-line security is paramount when protecting sensitive information. We also recognize that in using our service, you are trusting us with the most important information and documents you own – and we don’t take that lightly.
Bank-level security means that your important personal information is encrypted and protected using the same industry-leading technology that banks use. For more details about both our operational practices and commitment to security, please keep reading.
Securing Your Data at Rest
Within our systems, all your data is stored using AES-256 encryption with a uniquely derived key for each user following the recommendations of NIST Special Publication 800-132. We encrypt every single personally identifiable field in the database, including your name and email address. For searching and indexing, we hash a small number of fields using HMAC. We apply the same encryption technique to all files you upload.
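The two mechanisms named above, per-user key derivation and HMAC-hashed lookup fields, shown as an added Python example that is not Everplans' code. It assumes the key is derived from the user's password, a separate server-held key for the HMAC index, and an iteration count and field names chosen here; the AES-256 encryption step is left out because the Python standard library has no AES.

```python
import hashlib
import hmac
import os
import unicodedata

PBKDF2_ROUNDS = 200_000   # assumption: the page states no iteration count
SALT_LEN = 16             # 128-bit random salt, the SP 800-132 minimum
KEY_LEN = 32              # 256 bits, the key size AES-256 needs


def derive_user_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 (the KDF SP 800-132 specifies) -> per-user key."""
    if len(salt) < SALT_LEN:
        raise ValueError("salt shorter than 128 bits")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ROUNDS, dklen=KEY_LEN)


def blind_index(index_key: bytes, value: str) -> str:
    """Keyed hash of a normalised field, usable for equality lookups only."""
    norm = unicodedata.normalize("NFKC", value).strip().casefold()
    return hmac.new(index_key, norm.encode("utf-8"), hashlib.sha256).hexdigest()


def find_user(rows: list, index_key: bytes, email: str):
    """Look a row up by email without the table holding the plaintext."""
    wanted = blind_index(index_key, email)
    for row in rows:
        if hmac.compare_digest(row["email_idx"], wanted):
            return row
    return None


def demo_rows(index_key: bytes) -> list:
    """Constructed sample rows; 'user_id' and 'email_idx' are assumed names."""
    emails = ["alice@example.com", "bob@example.com"]
    return [{"user_id": i, "salt": os.urandom(SALT_LEN),
             "email_idx": blind_index(index_key, e)}
            for i, e in enumerate(emails, start=1)]
```

Because the index is keyed, a copy of the table alone does not allow guessing email addresses offline, and the per-user salt means two users with the same password still get different keys.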
As with all systems such as ours, the security of your information depends on you. You must choose a strong password (we enforce that as best we can) and you should never share your password with anyone. Everplans provides a much more secure system for sharing information with those you care about via our Deputy function.
Securing Your Data in Transit
All communications between you and Everplans are encrypted via SSL using 2048-bit certificates, and we require SSL on all communications. We are implementing perfect forward secrecy so that even if someone eavesdrops on your communication and our key is later compromised, they will still not be able to decrypt the data.
Operational Procedures to Keep the Site Secure
Everplans follows best practices to keep your data secure. In addition to severely restricting access to operational environments (including private keys), we regularly audit our environments and code for security issues and apply patches expeditiously. We use commercial services that regularly check our site (including McAfee Secure) and we also retain our own security experts to probe and verify the security of our site.
Administrative Access to Your Information
Because your security and privacy are paramount to us, we limit our administrators' access to your account to the set of data necessary to help grant you access to your account (by triggering confirmation emails, for example) and to help you restrict access to your account in urgent circumstances (such as by limiting or removing a Deputy's access). Everplans administrators can never see the plan information that you fill out or any documents that you upload. They may have access to limited metadata (such as whether or not you uploaded a will) but not the data itself (they will never be able to see the will you uploaded). Everplans logs and regularly audits all accesses to your account, whether by you, an administrator or your Deputies.