Security Policy

Last updated: March 18, 2026

Overview

EthnicPath Virtual takes the security of your data seriously. We implement multi-layered security controls across our application, infrastructure, and operational processes to protect your information and ensure the integrity of our services.

Application Security

  • All web traffic encrypted via TLS/HTTPS
  • Authentication managed through an enterprise-grade provider with secure session handling
  • Passwords hashed using industry-standard one-way cryptographic algorithms
  • Input validation and sanitization on all user-facing forms and API endpoints
  • Rate limiting on authentication and API endpoints to prevent abuse
  • CSRF protection and secure cookie policies

Data Security

  • Encryption in Transit: All data transmitted between clients and servers is encrypted using TLS 1.2+
  • Encryption at Rest: Database storage encrypted using AES-256 encryption
  • Row-Level Security: Database policies ensure users can only access their own data
  • Data Isolation: Client data is logically separated and access-controlled at the database level
  • Backup & Recovery: Automated daily backups with point-in-time recovery capabilities

Infrastructure Security

Our platform is hosted on enterprise-grade infrastructure:

  • Hosting: SOC 2 Type II compliant cloud hosting with global edge network, DDoS protection, and automatic failover
  • Database: SOC 2 compliant database and authentication infrastructure with dedicated project isolation
  • Payments: PCI-DSS Level 1 certified payment processing — we never store card details on our servers

Third-Party Security

We carefully vet all third-party service providers for security compliance:

  • Voice & SMS: Delivered through ISO 27001 and SOC 2 compliant telecommunications providers
  • AI Voice: Secure API communications with encrypted voice data through certified AI partners
  • Monitoring: SOC 2 compliant application monitoring — no personally identifiable information captured
  • Email: TLS-encrypted email delivery through verified transactional email providers

Operational Procedures

  • Continuous monitoring of application health and performance
  • Incident response procedures for security events
  • Regular dependency auditing and vulnerability patching
  • Access to production systems restricted to authorized personnel
  • Audit logging for administrative actions

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly by contacting us at support@ethnicpath.com. We take all reports seriously and will respond promptly.