Skip to content

Employee Reminders Security Documentation

Employee Reminders is committed to safeguarding customer data and maintaining high standards of security, availability, processing integrity, confidentiality, and privacy. This document provides an overview of Employee Reminders’ security practices, data policies, and compliance measures.

Privacy & Data Governance

Data Retention Policy

Employee Reminders prioritizes user privacy and data security. Data is retained only as long as necessary to provide services. Customers can request data removal at any time by contacting support@employeereminders.com, and requests are processed promptly with confirmation.

Data Archiving and Removal Policy

Customers can request data deletion for compliance, legal, or internal policy reasons. Upon request, data is securely removed from systems. Records of all data removal requests are maintained for transparency and compliance.

Data Storage Policy

Employee Reminders safeguards customer data using advanced security measures:

  • Encryption: Data is encrypted in transit and at rest to protect against unauthorized access.
  • Redundancy: Data is stored across multiple secure locations within hosting provider data centers.
  • Backups: Regular backups prevent data loss and enable rapid recovery.

These measures ensure customer data is always available, secure, and protected against potential threats.

Data Center Locations & Hosting

  • Location: United States
  • Hosting Provider: Employee Reminders uses Amazon Web Services (AWS) for highly available, scalable, and reliable cloud infrastructure.

Security Measures:

  • Encryption: All data encrypted in transit and at rest using industry-standard algorithms.
  • Scalability & Flexibility: AWS allows dynamic resource allocation without compromising performance.
  • Backup & Disaster Recovery: Regular backups and recovery procedures ensure data integrity and availability.
  • Compliance & Standards: AWS complies with standards such as GDPR, ISO, and SOC.

By hosting on AWS, Employee Reminders ensures high levels of security, reliability, and performance.

Access Control & Authentication

  • Access is restricted to authorized personnel.
  • Multi-factor authentication (MFA) is enabled for all supported accounts.
  • Strong password policies enforced, including complexity and secure storage.
  • Access rights are reviewed periodically; accounts revoked promptly when no longer needed.

Change Management

  • All code and configuration changes are tested before deployment.
  • Deployment activities are logged with timestamps and change details.
  • Version control and approval procedures track and validate updates.

Logging & Monitoring

  • System and application logs are maintained and reviewed regularly.
  • Alerts are configured for errors, anomalies, or suspicious activity, with prompt investigation.

Incident Response

  • Formal incident response process to detect, respond to, and resolve security incidents.
  • Security incidents are documented and addressed promptly.
  • Customers are notified without undue delay if their data is affected.
  • Post-incident reviews are conducted to prevent recurrence.

Disaster Recovery & Business Continuity

  • Regular automated backups stored in multiple geographic locations within AWS.
  • Backups are periodically tested for integrity and restorability.
  • Redundant infrastructure ensures service continuity, with recovery procedures in case of system failure.

Processing Integrity

  • Automated checks verify messages are delivered as intended.
  • Failed deliveries or anomalies are logged, reviewed, and corrected according to standard procedures.

Confidentiality & Encryption

  • All data encrypted in transit and at rest using industry-standard algorithms.
  • Encryption keys are securely managed, including generation, rotation, and retirement.
  • Sensitive fields in logs and backups are masked or anonymized where possible.

Privacy & Data Subject Rights

  • Customers can request access, correction, deletion, or portability of their data.
  • Requests are verified for authenticity and processed promptly.
  • All privacy requests are logged for compliance and auditability.
  • New features and integrations undergo privacy risk assessments.

Vendor & Sub-Processor Management

  • Sub-processors (AWS, Stripe, Google Analytics) are evaluated for security and compliance.
  • Written agreements include confidentiality and data protection obligations.
  • Sub-processor performance and compliance are reviewed periodically.

Sub-Processors Table

Sub-Processor Purpose Location
Amazon Web Services (AWS) Cloud hosting and storage United States
Stripe, Inc. Cloud-based payment infrastructure United States
Google Analytics Cloud-based analytics provider United States

Compliance & Security

Data Deletion Request Procedure

  1. Request Submission: Customers submit deletion requests to support@employeereminders.com, including account details.
  2. Verification: Requests are verified for authenticity.
  3. Review & Confirmation: Requests are reviewed for compliance with legal and policy requirements.
  4. Data Deletion: Secure deletion is performed, and confirmation is provided.

Single Sign-On (SSO)

  • Supported Provider: Slack
  • Additional providers available on request for enterprise plans.

Slack Permissions Requested

  • chat:write – Send messages to users where the app is installed.
  • chat:write.customize – Send messages with customized username/icon.
  • users:read – Access basic user profile information.
  • users:read.email – Retrieve user email addresses for accurate audience segmentation.
  • im:write – Direct messaging capabilities for reminders and notifications.
  • email, openid, profile – Support single sign-on using Slack.

Permissions are carefully selected to provide essential features while maintaining security and privacy best practices.

Contact

For any security-related concerns or inquiries, contact support@employeereminders.com.

Ready to get started? You can try Employee Reminders for free 👉 Get Started