Data Security

Last Updated: April 4, 2024

We understand that by using EntryDock, you are trusting us with your data. That’s why we treat your personal and financial data like we’d want ours to be treated. Below, you‘ll find the principles that guide our approach to privacy and security.

Access

We believe that you should have access to and control over your data. 

Your personal EntryDock financial account data, such as budgets and transactions, is only accessed by the EntryDock team when necessary to provide the EntryDock services, like when you request support for a data issue. We use aggregated and anonymized data for internal analytics and business purposes – you can read our Privacy Policy for more information.

We employ a number of security measures to help keep your data safe, including 256-bit encryption to protect it at rest and Transport Layer Security (TLS) to protect it in transit. In other words, your data is encrypted while it is being stored and while interacting with our servers. 

Retention

You can delete your EntryDock account at any time by sending a request to privacy@entrydock.com. If you delete your account, we do not keep any of your financial data, financial documents or EntryDock account data (email address, name, etc.), except in the limited circumstances where required by law, to resolve disputes, protect EntryDock and our users, and enforce our agreements. Where EntryDock has no such obligations, the data will be completely removed from all our internal systems, including backups, within 60 days.

Deleting your EntryDock account and canceling your app subscription are two separate actions.

Infrastructure

EntryDock’s infrastructure is built on the Google Cloud Platform (GCP) and Amazon Web Services (AWS), which are used by leading financial companies worldwide. GCP and AWS adhere to industry standard security, privacy and compliance controls, including:

  • ISO/IEC 27001, 27017 and 27018
  • SOC 1/2/3
  • PCI DSS
  • CSA STAR

Please note that these are GCP and AWS certifications and that EntryDock is not certified at the moment.

We use Multi-Factor Authentication (MFA) on all internal systems.

We also know that security isn’t a “set it and forget it” sort of thing, which is why we regularly conduct application penetration tests to identify and, as needed, mitigate vulnerabilities or risks in our systems.

What you do in EntryDock, stays in EntryDock

We respect your privacy, so we give you transparency and control over your data and keep it private. We don’t like it when we start seeing online ads for things we recently bought, so we do not sell your personal data to third parties so that they can advertise products to you.

Transparency above all else

Our Privacy Policy comprehensively details our data practices. We also provide this page to provide you with a straightforward summary of how we think about securing your data.

We’ll keep this page up-to-date and let you know if anything big changes with our practices. We’re also available if you have any questions or concerns. You can always contact us at privacy@entrydock.com.