We understand that the 65,000+ businesses that use Ease place a high level of trust in us. Ease makes security and the privacy of customer data a top priority. The information on this page is intended to provide transparency about how we protect data. We’re always making security improvements and will keep this page up to date with our latest policies and procedures.
Certifications, Technologies, and Processes
Businesses from 2 to 7,000 employees trust Ease.
Ease follows Cal data privacy regulations, is HIPAA compliant, and successfully completed a SOC 2 Type 1 audit. Beyond that, your data is encrypted with industry standard AES-256 both at rest and in transit. All brokers, employer admins, and Ease employees are required to use two-factor authentication for secure access. Finally, we scan all data uploaded for viruses and malicious programs.
The reality is that you can never be 100% secure, which is why monitoring is just as important as protecting. Ease runs regular assessments, including vulnerability and penetration testing from 3rd-party vendors, and undergoes audits and reviews to ensure up-to-date best practices. We also track all data access and system changes and store changes securely.
The Ease management team takes security seriously, requiring employees to follow strict security procedures. Before an employee is hired, a background check is conducted. All employees complete monthly security training and an annual HIPAA review, have access to Ease on an "as needed basis," and require complex passwords.
Ease’s servers reside in industry-leading cloud service provider AWS and adhere to best practices. Ease hosts data in multiple regions for both high availability and disaster recovery purposes. Servers are located in a Virtual Private Cloud and data is encrypted both during transmission and at rest.