Privacy Policy
Introduction
Protecting your private information is our priority. This privacy policy applies to the collection, use, and disclosure of personal information we receive from users of the EPS website and our accounts payable systems services offered through the website application (collectively called the “Website”).
What Information EPS Collects and How We Use It
We collect and use the following data:
Account Information
When you sign up for our Services, our Website asks you to choose a username and password and to provide various types of information, some related to your corporate entity, some personal. This includes:
- Your Personal Information: Includes your name, email address, phone number, and billing address.
- Your Company’s Information: Includes your company’s name, number of employees, accounting system(s), business address, phone and fax number, LinkedIn and Twitter profiles, and contact persons.
- Employee Information: The names, work phone numbers, departments, titles, and work email addresses of your employees who will be using the Website and Services.
- Supplier Information: Name, title, email, phone number, billing address, and for those using the payment application, Bank Account information.
- Subscription Information: A credit card to pay for your subscription to EPS.
EPS uses this contact information to provide you with updated information and service your account. We may also use this information to contact you about additional products or services that may interest you. You will have an opportunity to “opt-out” of such offers upon request.
Security Policy and Practices
Encryption of Personal Data
- Data in Transit: Encrypted using 256-bit encryption (TLS/SSL).
- Data at Rest: Encrypted using AES-256.
- Sensitive Data: Further encrypted with AES-256 and a separate private key.
- Passwords: Hashed with unique per-user salts.
Ongoing Security Measures
- Security Policies: Comprehensive and frequently updated security policies.
- Training: Annual Security and Awareness training for all employees.
- Firewalls: Web application and network firewalls, AWS DDoS prevention defenses.
- SDLC Security: Secure Software Development Lifecycle (SDLC) with static code analysis and human reviews.
- Incident Response: Predefined security incident response processes.
- Vulnerability Assessment: Regular vulnerability assessments and third-party penetration testing.
Data Restoration and Disaster Recovery
- Data Storage: Databases stored on AWS in multiple availability zones.
- Backups: Daily backups and periodic restore testing.
Regular Testing and Evaluation
- System Testing: Functional and security tests before deployment.
- Change Management: Processes for addressing identified deficiencies.
User Identification and Authorization
- Passwords: Strong password policies and rate-limited login attempts.
- Authentication: Optional 2FA and SSO using SAML protocol.
Physical Security
- Hosting: Software hosted in AWS facilities with compliance and regulatory assurances (SOC 1-3, ISO 27001).
- Security Groups: VPC with restricted security groups.
Event Logging
- Logs: Maintained for three months in internal systems and customer-accessible audit logs.
- Ticketing System: Customer requests are logged in a ticketing system.
IT and Security Governance
- Governance: Executive management oversees security governance and risk mitigation.
- Risk Management: Ongoing risk management, employee training, and coordination to prevent data breaches.
- Incident Response: Documented processes and procedures for cybersecurity incidents.
Certification and Assurance
- Certifications: SOC 1, 2, and 3 certified with annual reviews, PCI DSS compliant (SAQ-D Attestation of Compliance).
Data Management Principles
- Data Minimization: Data collected is necessary to provide services.
- Data Quality: Maintained through customer review and updates.
- Data Retention: Policies aligned with business requirements and legal obligations.
Accountability
- Reviews and Training: Third-party reviews and training to enhance data protection awareness.
- Policies: Comprehensive policies and record-keeping on security matters.
Security Bounty
- Bug Reporting: Bug or vulnerability assessments can be submitted to bugbounty@Elitepayables.com.
Portability and Data Disposal
- Requests: Data portability and disposal requests via privacy@Elitepayables.com.
- Policies: Internal policies and training for handling these requests.
Cookies on EPS Websites
Necessary Cookies
Necessary cookies are required to enable basic site features, such as secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Id | Domain | Duration | Description |
__smVID | | 1 month | Sumo sets this cookie for the sign-up function on the website. |
OptanonConsent | .Elitepayables.com | 1 year | OneTrust sets this cookie to store details about the site’s cookie category and consent preferences. |
__hssrc | .Elitepayables.com | Session | HubSpot sets this cookie to indicate a new session if the browser is restarted. |
__hssc | .Elitepayables.com | 30 minutes | HubSpot sets this cookie to track sessions and increment session numbers and timestamps. |
elementor | | Never | The WordPress theme uses this cookie to implement or change the website’s content in real-time. |
_gcl_au | .Elitepayables.com | 3 months | Google Tag Manager sets this cookie to experiment with advertisement efficiency. |
ga* | .Elitepayables.com | 1 year | Google Analytics sets this cookie to store and count page views. |
_ga | .Elitepayables.com | 1 year | Google Analytics sets this cookie to calculate visitor, session, and campaign data for analytics. |
_gid | .Elitepayables.com | 1 day | Google Analytics sets this cookie to store information on how visitors use a website. |
gat_UA* | .Elitepayables.com | 1 minute | Google Analytics sets this cookie for user behavior tracking. |
vuid | .vimeo.com | 1 year | Vimeo installs this cookie to collect tracking information for embedding videos. |
hubspotutk | .Elitepayables.com | 5 months | HubSpot sets this cookie to track visitors. |
JSESSIONID | | Session | New Relic uses this cookie to store a session identifier for monitoring session counts. |
__cfruid | .get.Elitepayables.com | Session | Cloudflare sets this cookie to identify trusted web traffic. |
Functional Cookies
Functional cookies help perform functionalities like sharing website content on social media, collecting feedback, and other third-party features.
Id | Domain | Duration | Description |
_gaexp | .Elitepayables.com | 1 month | Google Optimize sets this cookie for user inclusion in experiments. |
__cf_bm | .report-uri.com | 30 minutes | Cloudflare sets this cookie for bot management. |
lidc | .linkedin.com | 1 day | LinkedIn sets this cookie to facilitate data center selection. |
UserMatchHistory | .linkedin.com | 1 month | LinkedIn sets this cookie for LinkedIn Ads ID syncing. |
li_gc | .linkedin.com | 5 months | LinkedIn sets this cookie for storing visitor consent regarding non-essential cookies. |
lang | | Never | LinkedIn sets this cookie to remember user language settings. |
Analytical Cookies
Analytical cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Id | Domain | Duration | Description |
_session_id | | 14 days | G2 sets this cookie to store visitor navigation by recording landing pages. |
CLID | | 1 year | Microsoft Clarity sets this cookie to store information about visitor interactions. |
AnalyticsSyncHistory | .linkedin.com | 1 month | LinkedIn sets this cookie to store information about sync timing with the lms_analytics cookie. |
ln_or | | 1 day | LinkedIn sets this cookie to register statistical data on user behavior for internal analytics. |
_clck | .Elitepayables.com | 1 year | Microsoft Clarity sets this cookie to retain the browser’s Clarity User ID and settings. |
_clsk | .Elitepayables.com | 1 day | Microsoft Clarity sets this cookie to store and consolidate pageviews into a single session. |
SM | .c.clarity.ms | Session | Microsoft Clarity sets this cookie for synchronizing the MUID across Microsoft domains. |
__hstc | .Elitepayables.com | 5 months | HubSpot sets this main cookie for tracking visitors. |
MR | .c.bing.com | 7 days | Bing sets this cookie to collect user information for analytics. |
_fbp | .Elitepayables.com | 3 months | Facebook sets this cookie to display advertisements after visiting the website. |
__smToken | | 1 year | Sumo sets this cookie to determine if the visitor is logged in. |
gat_gtag_UA* | .Elitepayables.com | 1 minute | Google Analytics sets this cookie to store a unique user ID. |
ajs_anonymous_id | .Elitepayables.com | 1 year | Segment sets this cookie to count the number of people visiting a site by tracking previous visits. |
fs_uid | .Elitepayables.com | 1 year | Fullstory sets this cookie for session tracking. |
ajs_user_id | | Never | Segment sets this cookie to help track visitor usage, events, target marketing, and performance. |
Performance Cookies
Performance cookies help understand and analyze key performance indexes to deliver a better user experience.
Id | Domain | Duration | Description |
SRM_B | .c.bing.com | 1 year | Microsoft Advertising sets this cookie as a unique ID for visitors. |
_gat | .Elitepayables.com | 1 minute | Google Universal Analytics sets this cookie to limit data collection on high-traffic sites. |
Advertisement Cookies
Advertisement cookies provide customized advertisements based on previous page visits and analyze ad campaign effectiveness.
Id | Domain | Duration | Description |
test_cookie | .doubleclick.net | 15 minutes | DoubleClick sets this cookie to determine if the user’s browser supports cookies. |
IDE | .doubleclick.net | 1 year | Google DoubleClick IDE cookies store information about user website usage for relevant ad presentation. |
li_sugr | .linkedin.com | 3 months | LinkedIn sets this cookie to collect user behavior data for optimizing advertisements. |
bcookie | .linkedin.com | 1 year | LinkedIn sets this cookie to recognize browser IDs. |
bscookie | | 1 year | LinkedIn sets this cookie to store performed actions on the website. |
MUID | .clarity.ms | 1 year | Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. |
ANONCHK | .c.clarity.ms | 10 minutes | Bing sets this cookie to store a user’s session ID and verify ad clicks. |
bku | .bluekai.com | 6 months | Bluekai sets this cookie to register anonymized user data for optimizing ad display. |
bkpa | .bluekai.com | 6 months | Bluekai sets this cookie to store anonymized user web usage data for targeted advertising. |
User Rights with Respect to Personal Data
You have the following rights with respect to your personal data:
- Access: Request access to the data we process about you.
- Objection: Object to the processing of your data.
- Data Overview: Request an overview of the data we process about you.
- Correction/Deletion: Request correction or deletion of incorrect or irrelevant data.
- Restriction: Request to restrict the processing of your data.
Important Information for Residents:
California Residents:
- The information transferred to service providers via “Functional Cookies” and “Marketing Cookies” might constitute a “sale” under the California Consumer Privacy Act (CCPA). To opt out, turn off these cookies and save settings.
Canadian Residents:
- Request correction or deletion of incorrect or irrelevant data.
- Right to withdraw consent at any time, subject to legal or contractual restrictions.
- Right to address non-compliance challenges to Canada’s Office of the Privacy Commissioner.
UK and EU Residents:
- Right to know why personal data is needed, how it will be used, and retention duration.
- Access: Right to access your personal data.
- Rectification: Right to supplement, correct, delete, or block personal data.
- Consent Withdrawal: Right to revoke consent and have personal data deleted.
- Data Transfer: Right to request all your data and transfer it to another controller.
- Objection: Right to object to data processing unless justified grounds exist.
Enabling/Disabling and Deleting Cookies
You can manage cookies via your browser settings. Links for guides on adjusting/deleting cookies in common browsers are provided below. Note that disabling cookies may affect website functionality.
- Browsers: Internet Explorer, Google Chrome, Mozilla Firefox, Opera, Safari, Microsoft Edge, Samsung Browser.
- Canada: Indicate preferences on youradchoices.ca.
- UK/EU: Note that the website may not work properly if all cookies are disabled. If you delete cookies, they will be placed again after you consent on subsequent visits.
Contact Us
For questions or comments about our privacy and cookies policy, contact us:
EPS, Inc.
Email: privacy@elitepayables.com
This privacy policy ensures transparency and security in handling your personal data. Please review it regularly for updates. If you disagree with any changes, terminate your services and contact us to exercise your rights described in this Privacy Policy.