Trust & Compliance

Security & Privacy

EcoMetricX operates within a comprehensive privacy-by-design framework aligned with NIST CSF 2.0, CSA STAR CCM v4, and California CPUC privacy regulations. Our security architecture ensures that client data is protected at every stage of analysis and delivery.

Data Confidentiality

All client data shared with EcoMetricx is treated as strictly confidential. We maintain data segregation between client engagements and enforce access controls so that only authorized project personnel can access client data.

Infrastructure Security

Our cloud infrastructure is hosted on AWS with encryption at rest (AES-256) and in transit (TLS 1.2+). Production environments are isolated from development environments with IAM least-privilege roles and VPC network isolation.

Data Handling & Retention

Client data is retained only for the duration of an active engagement, plus a 90-day archival period unless otherwise agreed. Upon project completion, we securely delete or return all client data per your instructions.

Access Controls

All EcoMetricx personnel with access to client data undergo background screening. Multi-factor authentication (MFA) is enforced on all production systems. We conduct quarterly access reviews.

Last Updated

This security and privacy statement was last updated in 2025. We review and update it at least annually.