Effective Date: March 1, 2020
Last Updated: December 3, 2022
This page describes our security measures for the software-as-a-service Legacy Architects platform on vault.yourlegacyarchitects.com (collectively, the “Site”), made available to you by Estate Architects, LLC d/b/a Legacy Architects (“Legacy Architects,” “we,” “us,” or “our”).
Secure Hosting
We use Amazon Web Services as our external security hosting provider. AWS meets System and Organization (SOC) standards verified by independent third-party examination reports demonstrating how the provider achieves key compliance controls and objectives. Please see the following website for further details on AWS compliance: https://aws.amazon.com/compliance/programs/.
Your Data Belongs to You
Your organization owns all data and file uploads. To protect your data from unauthorized access, we have logs with alerts set to notify us of suspicious activity. Your organization may download your information or delete your information for our application at any time.
Authentication Protection
We provide our customers with the ability to create strong passwords that:
– Lockout the users after ten (10) failed attempts to log in
– Require a minimum of seven (7) characters
– Contain letters, numbers, or symbols
– Must be changed periodically
– Cannot be the last four (4) passwords used.
Industry Standard Encryption
All submission data is disk encrypted under AES-256. Data in transit is protected by TLS >=1.2 to provide end-to-end communication security.
Data Backup and Replication
We back up and replicate data as follows:
– Nightly snapshots are taken of our application database cluster. These daily backups are stored for 14 days.
– All data stored on our AWS S3 is replicated consistent from US-East Region to US-West Region with versioning enabled on all buckets replicated to another region.
Data backups are also encrypted using AES-256.
Security Monitoring
Our application will be configured for appropriate logging of activities to enable detection of security incidents. These incidents will be reviewed, and identified anomalies will be investigated for a possible compromise.
Business Continuity/Disaster Recovery
We have a business continuity and disaster recovery plan that allows customers to continue to run our application in the unlikely event of an outage at AWS-US East.
Training
Annual Training. Our employees and contractors are provided with privacy and awareness training yearly and must pass a quiz each year.
Developer Training
Developers train annually on secure coding guidelines, avoiding common coding vulnerabilities, and understanding how sensitive data is handled.
Incident Response
We have outlined a process for responding to security events and incidents, and breaches of personal or protected data. Our goal is to notify customers of an actual security incident within 24 hours of becoming aware of it.
Risk Management
Our organization addresses cybersecurity risks in our risk management processes to identify critical assets, threats, and vulnerabilities.
Privacy
We respect the privacy of our customers and the need for appropriate safeguards and protection of the personal information that our customers, employees, and contractors provide, including the data submitted using our products and services. Our Privacy Policy, which applies to the information that we process (Customers, Website Visitors, Trial Users, Job Applicants) may be found here.
Contact Us
Please direct any questions and concerns regarding these Terms to us at:
Estate Architects, LLC d/b/a Legacy Architects
Address: 3000 S Hulen St Ste 124 #2014, Fort Worth, TX 76109
Telephone:Â (720) 248-7707
Email Address:Â [email protected]