How Ecrof Protects Your Data

The Short Version

• Your data is encrypted in transit and at rest.
• Every database query is filtered so you only see your own data.
• We never share, sell, or train on your data.
• Your access is yours alone, time bound, and revocable.
• We use the same security infrastructure trusted by enterprise SaaS companies.

Where Your Data Lives

We do not host data on our own servers. Every layer of our stack inherits enterprise grade security from providers that pass annual third party audits.

How We Keep Your Data Isolated From Other Clients

The Console is a multi tenant platform, which means many clients share the same infrastructure. The way we keep your data separate from everyone else's:

1. Row level security at the database. Every table has policies that filter queries to only return rows belonging to the requesting user. This runs at the Postgres layer, below the application, so even a bug in our app code cannot leak data across clients.
2. Per client access scoping. Your account is bound to a specific list of clients you can see. Trying to read data outside that list returns an empty result, not an error message.
3. Time bound access. Sprint members get a default access window. After the window, your portal becomes inactive automatically. You can extend by enrolling in the IBA or graduating to a Business Brain delivery.
4. No shared storage prefixes. File storage is scoped per client so cross client listing is impossible.
5. Audit logging on every access. We log every read and write across the platform. Attempted access outside your scope is logged and alerts our security inbox.

What We Collect From You

• Your business information (revenue, staff, customer profile, etc.), only what you enter
• Your OIA answers (your operational intelligence diagnostic responses)
• Your workflow data (when you fire a workflow, what it returned)
• Standard account information (email, name, billing through Stripe)

What We Do Not Do

• We do not train any model on your business data.
• We do not share your data with any third party except the providers listed above, and only the data they need to do their job.
• We do not sell your data.
• We do not enable advertising or analytics tracking on the Console.
• We do not let other Ecrof clients see your data.

How We Handle Workflows

When you fire an Operating Play, the workflow runs on our infrastructure. We never store API keys for your tools. Instead, we use OAuth so you grant scoped, revocable access. You can revoke that access in your tool's settings at any time. The workflow stops working immediately.

Backups And Disaster Recovery

• Database snapshots run daily and are retained for 30 days.
• File storage is replicated across multiple availability zones.
• We test restore procedures monthly.
• Our recovery time objective is under 4 hours for full restoration.

Account Termination

If you cancel, your data is retained for 30 days in case you want it back, then permanently deleted. You can request immediate deletion at any time by emailing security@ecrofmedia.com.

Incident Response

If we detect a security incident affecting your data, we notify you within 72 hours with what happened, what data was involved, and what we are doing about it. This is our policy regardless of jurisdiction.

Compliance Roadmap

We use SOC 2 certified infrastructure across our entire stack. We are not currently SOC 2 certified ourselves, but we follow practices that align with the controls a SOC 2 Type II audit would test. We expect to begin formal certification in early 2027 once enterprise demand justifies the investment.

For enterprise clients with specific compliance requirements (HIPAA, financial services, government), reach out to security@ecrofmedia.com and we can discuss what is possible.

Questions

security@ecrofmedia.com