Your safety is our concern
Backups / Disaster Recovery
We keep full backups of each equicty database for up to 90 days. Backups
are replicated in multi regions data centers in Europe.
For services hosted on bare metal, where hardware failure is possible, we
implement local hot standby replication, with monitoring and a manual
failover procedure that takes less than 5 minutes.
In case of complete disaster, with a data center entirely down for an
extended period, preventing the failover to our local hot-standby (never
happened so far, this is the worst-case plan), we have the following
• RPO (Recovery Point Objective) = 24h. This means you can lose max 24h
of work if the data cannot be recovered and we need to restore your
latest daily backup.
• RTO (Recovery Time Objective) = 24h for paid subscriptions, 48h for free
trials, education offer, freemium users, etc. This is the time to restore the
service in a different data center if a disaster occurs and a datacenter
is completely down.
• How is this accomplished: we actively monitor our daily backups, and
they are replicated in multiples locations. We have automated
provisioning to deploy our services in a new hosting location. Restoring
the data based on our backups of the previous day can then be done
in a few hours (for the largest clusters), with priority on the paid
• We routinely use both the daily backups and provisioning scripts for daily
operations, so both parts of the disaster recovery procedure are tested
all the time.
Customer data is stored in a dedicated database – no sharing of data
between clients. Data access control rules implement complete isolation
between customer databases running on the same cluster, no access is
possible from one database to another.
Password policy and storage
To access equicty, you need to provide a strong password of at least 6
characters. We do not store these user passwords in plain text, we only store
one-way encrypted password hashes including a per-user-random-salt. This
protects users against rainbow table attacks and encrypted password
matching. Equicty staff does not have access to your password, and cannot
retrieve it for you, the only option if you lose it is to reset it.
If users enter incorrect passwords multiple times in a row, the account will be
temporarily locked to prevent brute-force attacks.
Encrypting data in transit
All traffic to equicty passes through an SSL-encrypted connection, and we only
accept traffic through port 443. A response of our SSL configuration can be
Encrypting data at rest
All data stored on equicty systems is encrypted at rest. Information stored in
our database systems or on our file systems is encrypted using the industry
standard AES-256 encryption algorithm. GCP stores and manages data
cryptography keys in its redundant and globally distributed Key Management
This means that even if an intruder were ever able to access any of the physical
storage devices, the data contained therein would still be impossible to
decrypt without the keys, rendering the information useless.
GCP security practices
Equicty uses Google Cloud (GCP) to store user data. These servers undergo
recurring assessment to ensure compliance with the latest industry standards
and continually manages risk. By using GCP as our data center, our
infrastructure is accredited by:
• ISO/IEC 27001/27017/27018/27701
• SOC 1/2/3
• PCI DSS, and FedRAMP certifications
• alignment with HIPAA, GDPR, and CCPA
More information about GCP security van be found here.
Request throttling and tracking
We block requests originating from known, vulnerable IP addresses or ranges.
Requests that originate from the same IP are throttled and rate-limited to avoid
Credit card safety
We never store credit card information on our own systems. Your credit card
information is always transmitted securely between you and our payment
Secure by design
Equicty is designed in a way that prevents introducing most common security
• SQL injections are prevented by the use of a higher-level API that does
not require manual SQL queries.
• XSS attacks are prevented by the use of a high-level templating system
that automatically escapes injected data.
The framework prevents RPC access to private methods, making it harder to
introduce exploitable vulnerabilities.
Our team uses strong, unique passwords for equicty accounts and has set up
Two-Factor Authentication for each device and service they use. All equicty
employees are encouraged to use password manager software (LastPass,
1Password, …) to generate and store strong passwords.
We also make sure to encrypt local hard drives and enable automatic screen
locking. All access to application admin functionalities is restricted to a select
group of people.