Privacy Policy

Introduction

Protecting your private information is our priority. This privacy policy applies to the collection, use, and disclosure of personal information we receive from users of the EPS website and our accounts payable systems services offered through the website application (collectively called the “Website”).

What Information EPS Collects and How We Use It

We collect and use the following data:

Account Information

When you sign up for our Services, our Website asks you to choose a username and password and to provide various types of information, some related to your corporate entity, some personal. This includes:

  • Your Personal Information: Includes your name, email address, phone number, and billing address.
  • Your Company’s Information: Includes your company’s name, number of employees, accounting system(s), business address, phone and fax number, LinkedIn and Twitter profiles, and contact persons.
  • Employee Information: The names, work phone numbers, departments, titles, and work email addresses of your employees who will be using the Website and Services.
  • Supplier Information: Name, title, email, phone number, billing address, and for those using the payment application, Bank Account information.
  • Subscription Information: A credit card to pay for your subscription to EPS.

EPS uses this contact information to provide you with updated information and service your account. We may also use this information to contact you about additional products or services that may interest you. You will have an opportunity to “opt-out” of such offers upon request.

Security Policy and Practices

Encryption of Personal Data

  • Data in Transit: Encrypted using 256-bit encryption (TLS/SSL).
  • Data at Rest: Encrypted using AES-256.
  • Sensitive Data: Further encrypted with AES-256 and a separate private key.
  • Passwords: Hashed with unique per-user salts.

Ongoing Security Measures

  • Security Policies: Comprehensive and frequently updated security policies.
  • Training: Annual Security and Awareness training for all employees.
  • Firewalls: Web application and network firewalls, AWS DDoS prevention defenses.
  • SDLC Security: Secure Software Development Lifecycle (SDLC) with static code analysis and human reviews.
  • Incident Response: Predefined security incident response processes.
  • Vulnerability Assessment: Regular vulnerability assessments and third-party penetration testing.

Data Restoration and Disaster Recovery

  • Data Storage: Databases stored on AWS in multiple availability zones.
  • Backups: Daily backups and periodic restore testing.

Regular Testing and Evaluation

  • System Testing: Functional and security tests before deployment.
  • Change Management: Processes for addressing identified deficiencies.

User Identification and Authorization

  • Passwords: Strong password policies and rate-limited login attempts.
  • Authentication: Optional 2FA and SSO using SAML protocol.

Physical Security

  • Hosting: Software hosted in AWS facilities with compliance and regulatory assurances (SOC 1-3, ISO 27001).
  • Security Groups: VPC with restricted security groups.

Event Logging

  • Logs: Maintained for three months in internal systems and customer-accessible audit logs.
  • Ticketing System: Customer requests are logged in a ticketing system.

IT and Security Governance

  • Governance: Executive management oversees security governance and risk mitigation.
  • Risk Management: Ongoing risk management, employee training, and coordination to prevent data breaches.
  • Incident Response: Documented processes and procedures for cybersecurity incidents.

Certification and Assurance

  • Certifications: SOC 1, 2, and 3 certified with annual reviews, PCI DSS compliant (SAQ-D Attestation of Compliance).

Data Management Principles

  • Data Minimization: Data collected is necessary to provide services.
  • Data Quality: Maintained through customer review and updates.
  • Data Retention: Policies aligned with business requirements and legal obligations.

Accountability

  • Reviews and Training: Third-party reviews and training to enhance data protection awareness.
  • Policies: Comprehensive policies and record-keeping on security matters.

Security Bounty

  • Bug Reporting: Bug or vulnerability assessments can be submitted to bugbounty@Elitepayables.com.

Portability and Data Disposal

  • Requests: Data portability and disposal requests via privacy@Elitepayables.com.
  • Policies: Internal policies and training for handling these requests.

Cookies on EPS Websites

Necessary Cookies

Necessary cookies are required to enable basic site features, such as secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

| Id | Domain | Duration | Description |
|---|---|---|---|
| __smVID | www.Elitepayables.com | 1 month | Sumo sets this cookie for the sign-up function on the website. |
| OptanonConsent | .Elitepayables.com | 1 year | OneTrust sets this cookie to store details about the site’s cookie category and consent preferences. |
| __hssrc | .Elitepayables.com | Session | HubSpot sets this cookie to indicate a new session if the browser is restarted. |
| __hssc | .Elitepayables.com | 30 minutes | HubSpot sets this cookie to track sessions and increment session numbers and timestamps. |
| elementor | Elitepayables.com | Never | The WordPress theme uses this cookie to implement or change the website’s content in real-time. |
| _gcl_au | .Elitepayables.com | 3 months | Google Tag Manager sets this cookie to experiment with advertisement efficiency. |
| ga* | .Elitepayables.com | 1 year | Google Analytics sets this cookie to store and count page views. |
| _ga | .Elitepayables.com | 1 year | Google Analytics sets this cookie to calculate visitor, session, and campaign data for analytics. |
| _gid | .Elitepayables.com | 1 day | Google Analytics sets this cookie to store information on how visitors use a website. |
| gat_UA* | .Elitepayables.com | 1 minute | Google Analytics sets this cookie for user behavior tracking. |
| vuid | .vimeo.com | 1 year | Vimeo installs this cookie to collect tracking information for embedding videos. |
| hubspotutk | .Elitepayables.com | 5 months | HubSpot sets this cookie to track visitors. |
| JSESSIONID | app.Elitepayables.com | Session | New Relic uses this cookie to store a session identifier for monitoring session counts. |
| __cfruid | .get.Elitepayables.com | Session | Cloudflare sets this cookie to identify trusted web traffic. |

Functional Cookies

Functional cookies help perform functionalities like sharing website content on social media, collecting feedback, and other third-party features.

| Id | Domain | Duration | Description |
|---|---|---|---|
| _gaexp | .Elitepayables.com | 1 month | Google Optimize sets this cookie for user inclusion in experiments. |
| __cf_bm | .report-uri.com | 30 minutes | Cloudflare sets this cookie for bot management. |
| lidc | .linkedin.com | 1 day | LinkedIn sets this cookie to facilitate data center selection. |
| UserMatchHistory | .linkedin.com | 1 month | LinkedIn sets this cookie for LinkedIn Ads ID syncing. |
| li_gc | .linkedin.com | 5 months | LinkedIn sets this cookie for storing visitor consent regarding non-essential cookies. |
| lang | app.Elitepayables.com | Never | LinkedIn sets this cookie to remember user language settings. |

Analytical Cookies

Analytical cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

| Id | Domain | Duration | Description |
|---|---|---|---|
| _session_id | tracking.g2crowd.com | 14 days | G2 sets this cookie to store visitor navigation by recording landing pages. |
| CLID | www.clarity.ms | 1 year | Microsoft Clarity sets this cookie to store information about visitor interactions. |
| AnalyticsSyncHistory | .linkedin.com | 1 month | LinkedIn sets this cookie to store information about sync timing with the lms_analytics cookie. |
| ln_or | www.Elitepayables.com | 1 day | LinkedIn sets this cookie to register statistical data on user behavior for internal analytics. |
| _clck | .Elitepayables.com | 1 year | Microsoft Clarity sets this cookie to retain the browser’s Clarity User ID and settings. |
| _clsk | .Elitepayables.com | 1 day | Microsoft Clarity sets this cookie to store and consolidate pageviews into a single session. |
| SM | .c.clarity.ms | Session | Microsoft Clarity sets this cookie for synchronizing the MUID across Microsoft domains. |
| __hstc | .Elitepayables.com | 5 months | HubSpot sets this main cookie for tracking visitors. |
| MR | .c.bing.com | 7 days | Bing sets this cookie to collect user information for analytics. |
| _fbp | .Elitepayables.com | 3 months | Facebook sets this cookie to display advertisements after visiting the website. |
| __smToken | www.Elitepayables.com | 1 year | Sumo sets this cookie to determine if the visitor is logged in. |
| gat_gtag_UA* | .Elitepayables.com | 1 minute | Google Analytics sets this cookie to store a unique user ID. |
| ajs_anonymous_id | .Elitepayables.com | 1 year | Segment sets this cookie to count the number of people visiting a site by tracking previous visits. |
| fs_uid | .Elitepayables.com | 1 year | Fullstory sets this cookie for session tracking. |
| ajs_user_id | app.Elitepayables.com | Never | Segment sets this cookie to help track visitor usage, events, target marketing, and performance. |

Performance Cookies

Performance cookies help understand and analyze key performance indexes to deliver a better user experience.

| Id | Domain | Duration | Description |
|---|---|---|---|
| SRM_B | .c.bing.com | 1 year | Microsoft Advertising sets this cookie as a unique ID for visitors. |
| _gat | .Elitepayables.com | 1 minute | Google Universal Analytics sets this cookie to limit data collection on high-traffic sites. |

Advertisement Cookies

Advertisement cookies provide customized advertisements based on previous page visits and analyze ad campaign effectiveness.

| Id | Domain | Duration | Description |
|---|---|---|---|
| test_cookie | .doubleclick.net | 15 minutes | DoubleClick sets this cookie to determine if the user’s browser supports cookies. |
| IDE | .doubleclick.net | 1 year | Google DoubleClick IDE cookies store information about user website usage for relevant ad presentation. |
| li_sugr | .linkedin.com | 3 months | LinkedIn sets this cookie to collect user behavior data for optimizing advertisements. |
| bcookie | .linkedin.com | 1 year | LinkedIn sets this cookie to recognize browser IDs. |
| bscookie | .www.linkedin.com | 1 year | LinkedIn sets this cookie to store performed actions on the website. |
| MUID | .clarity.ms | 1 year | Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. |
| ANONCHK | .c.clarity.ms | 10 minutes | Bing sets this cookie to store a user’s session ID and verify ad clicks. |
| bku | .bluekai.com | 6 months | Bluekai sets this cookie to register anonymized user data for optimizing ad display. |
| bkpa | .bluekai.com | 6 months | Bluekai sets this cookie to store anonymized user web usage data for targeted advertising. |

User Rights with Respect to Personal Data

You have the following rights with respect to your personal data:

  • Access: Request access to the data we process about you.
  • Objection: Object to the processing of your data.
  • Data Overview: Request an overview of the data we process about you.
  • Correction/Deletion: Request correction or deletion of incorrect or irrelevant data.
  • Restriction: Request to restrict the processing of your data.

Important Information for Residents:

California Residents:

  • The information transferred to service providers via “Functional Cookies” and “Marketing Cookies” might constitute a “sale” under the California Consumer Privacy Act (CCPA). To opt out, turn off these cookies and save settings.

Canadian Residents:

  • Request correction or deletion of incorrect or irrelevant data.
  • Right to withdraw consent at any time, subject to legal or contractual restrictions.
  • Right to address non-compliance challenges to Canada’s Office of the Privacy Commissioner.

UK and EU Residents:

  • Right to know why personal data is needed, how it will be used, and retention duration.
  • Access: Right to access your personal data.
  • Rectification: Right to supplement, correct, delete, or block personal data.
  • Consent Withdrawal: Right to revoke consent and have personal data deleted.
  • Data Transfer: Right to request all your data and transfer it to another controller.
  • Objection: Right to object to data processing unless justified grounds exist.

Enabling/Disabling and Deleting Cookies

You can manage cookies via your browser settings. Links for guides on adjusting/deleting cookies in common browsers are provided below. Note that disabling cookies may affect website functionality.

Contact Us

For questions or comments about our privacy and cookies policy, contact us:

EPS, Inc.

Email: privacy@elitepayables.com

This privacy policy ensures transparency and security in handling your personal data. Please review it regularly for updates. If you disagree with any changes, terminate your services and contact us to exercise your rights described in this Privacy Policy.