Start for free
Already have an account? Log in
Already have an account? Log in
SAML Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials.
If you're using password-based authentication, you can turn on 2-factor authentication (2FA). More details on our docs.
We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, user data or the ability to send or edit messages.
Equipped enforces a password complexity standard and credentials are stored using a PBKDF function (bcrypt).
We have uptime of 99.5% or higher. You can check our past month stats at https://status.tryequipped.com.
Equipped services and data are hosted on Heroku facilities in the USA and Europe, which also enables us to support data residency. We store US customer data in the US and European customer data in Europe.
The Equipped Platform was built with disaster recovery in mind. All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centers fail.
Each application on the Heroku platform runs within its own isolated environment and cannot interact with other applications or areas of the system. We use Heroku's architecture to prevent unauthorized requests getting to our internal network.
On an application level, we produce audit logs for all activity, ship logs to Graylog for analysis and use S3 for archival purposes. All actions taken on production consoles or in the Equipped Platform are logged.
Access to customer data is limited to authorized employees who require it for their job. Equipped is served 100% over https. Equipped runs a zero-trust corporate network. There are no corporate resources or additional privileges from being on Equipped's network. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on GitHub, Google, Heroku, and Equipped to ensure access to cloud services is protected.
All data sent to or from Equipped is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only and score an "A+" rating on Qualys SSL Labs' tests. This means we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Equipped implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.
All employees complete Security and Awareness training annually.
Equipped has developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.
Equipped performs background checks on all new employees in accordance with local laws. The background check includes employment verification and criminal checks for US employees.
All employee contracts include a confidentiality agreement.
All payments made to Equipped go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe's security page.