Enterprise Level Security
and privacy compliance
Security Overview
ERIN utilizes first-class security protections and best practices to ensure physical, system and network, and application security. Our encryption utilizes 256-bit AES data encryption to ensure transmitted data is protected and secure.
Our hosted services and data centers are ISO27001 accredited and SAS70 compliant.
Compliance
What is GDPR
GDPR stands for the General Data Protection Regulation, a European Union guideline that was enacted in May 2018. ERIN strictly follows GDPR guidance, which informs our use, sharing, transfer and processing of personal data of users and persons from all regions, not just the European Union.
We treat the handling of our users’ data with the utmost care. We recognize that our customers have trusted ERIN with their private data, and we take that responsibility seriously, as we recognize customers’ own compliance status is impacted by their use of ERIN. The full details of our data management and security can be found in our Privacy Policy.
An overview of the actions ERIN takes includes:
Data Subject Consent
ERIN’s Privacy Policy follows the GDPR guidance to only use personal data for legitimate business purposes. ERIN explicitly and directly requests and obtains consent from all users and invitees before processing any personal data.
Data Security
ERIN will take all measures to secure our users’ Protected Personal Information (PPI) via:
Data Transfer
ERIN does not allow anyone, including employer admins and ERIN team members, to access user data without express approval from the user.
Proactive Compliance
We will work with regulators and attorneys to ensure we are keeping up with all guidelines. ERIN will relay policy changes to users promptly.
Basis for Processing
ERIN’s basis for processing company, employee, and candidate information qualifies as “Legitimate Interest”.
Data and Privacy FAQ
What rights do I have to my data as an ERIN user?
ERIN users have the right to access their individual personal data held by ERIN at any time upon request. Users can contact ERIN’s data support team at [email protected] and the user’s unique data will be provided via CSV file.
Can I limit or delete my personal data in ERIN?
ERIN users have the right to refuse sharing their data with ERIN. This will likely limit an employee’s ability to participate in their firm’s referral program.
How is my personal data stored and used?
ERIN users have a right to transparency concerning what personal data is stored by ERIN’s application.
We use redundant storage in data centers in the United States managed and administered by Amazon Web Services. We maintain a record of all data requests and can audit where and when any personal data has been sent. For details about your personal data please request your data records CSV.
Can ERIN host my data in any other geographies?
Upon request, ERIN may be able to host personal data in other geographies. Please reach out to [email protected] for more information.
Does ERIN work with any third parties who may have access to user data?
We use Amazon Web Services for our application infrastructure and submit our app to the Apple and Google application stores. None of these partners have access to individual user data.
Will ERIN indemnify customers against data violations?
Yes, ERIN has a standard data processing addendum we will include with all master service agreements.
Data Sub-Processors
ERIN maintains a list of third-party sub-processors. Please contact [email protected] for an up-to-date list of these sub-processors.
Can I customize the ERIN master service agreement to further protect personal data?
Potentially. Please reach out to [email protected] for more information.