Data & Compliance
Last updated: April 2026
Evercrest Technologies is a software development company that builds applications and web solutions for clients. We are not a data collector. This page outlines our commitment to data security and compliance standards in how we build and deliver software.
1. Our Role as a Developer
As a software developer, Evercrest Technologies:
- Designs and builds applications according to client specifications
- Does not collect end-user data from applications we develop (that is the responsibility of the product owner)
- Implements security best practices in all code we write
- Adheres to data protection and compliance standards in our development practices
- Does not retain user data from applications we build
2. Data Handling in Our Operations
Limited data required for our business operations may include:
- Client contact information and project details
- Payment and billing information (processed through PCI DSS-compliant providers)
- Website visitor analytics (anonymized)
- Communication logs and support inquiries
3. Data Encryption & Security
We implement industry-standard security practices in all software we develop:
- Code reviews and security audits
- Secure API design and authentication protocols
- Encryption in transit (TLS/SSL) and at rest (AES-256 where applicable)
- Regular security updates and patches
- Multi-factor authentication for administrative access
4. GDPR Compliance in Development
We design applications with GDPR compliance in mind. Applications we build can be configured to support:
- Data access requests
- Right to erasure ("right to be forgotten")
- Data portability
- User consent management
- Privacy by design principles
5. CCPA Compliance in Development
We develop applications that can support CCPA compliance, including:
- Mechanisms for users to know what data is collected
- Deletion capabilities for personal information
- Opt-out functionality for data sharing
- Data portability features
6. Data Protection in Client Projects
For clients using Evercrest Technologies to build their applications, we:
- Implement security standards and best practices
- Use secure software development lifecycle (SSDLC) methodologies
- Conduct security testing and code reviews
- Provide secure deployment and maintenance
- Document security controls and compliance measures
7. Third-Party Security
We use trusted third-party services for cloud hosting, payment processing (PCI DSS Level 1 compliant), email services, and development tools. All third-party vendors are evaluated for security and compliance standards.
8. International Standards
We adhere to internationally recognized security standards:
- OWASP Top 10 and best practices
- Prevention of CWE/SANS Top 25 software weaknesses
- NIST Cybersecurity Framework principles
- Industry-standard secure coding practices
9. Development Security Practices
Security is built into every stage of development:
- Threat modeling and risk assessment
- Secure design architecture
- Code reviews and static analysis
- Dynamic security testing
- Penetration testing where applicable
- Security training for the development team
10. Client Data Separation
When building applications for clients:
- Each client's code and data environment is isolated
- We do not share or access client data inappropriately
- Client intellectual property is protected
- Confidentiality agreements govern all client work
11. Incident Response
In the event of a security incident affecting a client or our infrastructure, we assess and contain the incident, notify affected parties without unreasonable delay, document the incident and remediation steps, and work to prevent similar incidents in the future.
12. Compliance Certifications & Standards
Evercrest Technologies adheres to and builds applications supporting:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- PCI DSS (Payment Card Industry Data Security Standard)
- HIPAA considerations for health-related applications
- SOC 2 principles and best practices
13. Employee Access & Training
Our team receives regular security and privacy training, follows strict access controls and principles of least privilege, completes confidentiality and non-disclosure agreements, and understands data protection responsibilities.
14. Technology & Infrastructure
We use secure technology practices including regular vulnerability scanning and patching, secure backup and disaster recovery procedures, firewalls and intrusion detection/prevention, secure development environments, and protected source code repositories.
15. Data Retention in Our Operations
We retain business data only as long as necessary to provide services to clients, fulfill legal and contractual obligations, and maintain historical records for compliance.
16. Changes to This Policy
We may update this Data & Compliance policy as regulations change or as we improve our practices. We will notify users of material changes by updating this page and the "Last updated" date.
Contact Us
If you have questions about our data practices, security standards, or compliance approach, please contact:
Evercrest Technologies LLC
Email: contact@evercresttechnologies.com
Website: evercresttechnologies.com
Address: Pennsylvania, USA