Trust
Security at ModernEDI
ModernEDI is built for business EDI workflows where access control, certificate handling, operational visibility, and reliable processing matter.
Account Security
ModernEDI uses managed authentication for user sign-in, password reset, account recovery, and related login security controls. Account holders should use unique passwords, protect their email accounts, and keep integration credentials private.
Multi-Factor Authentication
Account holders can enable software-token multi-factor authentication from the account security view and should use appropriate access practices when managing partners, certificates, API keys, billing, or production traffic.
Workspace Access Controls
Each workspace is isolated from other customer workspaces. Customers are responsible for protecting account access and limiting credentials and exported secrets to people and systems that need them for EDI, AS2, mapping, operational, support, or billing workflows.
Data Handling
ModernEDI stores account, partner, mapping, AS2, certificate metadata, transaction metadata, acknowledgements, MDNs, map results, and related operational records needed to provide the service. Customer content is handled to operate, secure, troubleshoot, and support the platform.
Infrastructure and Recovery
ModernEDI's primary production region is AWS US East (Ohio). Core tenant transaction tables use point-in-time recovery. Operational logging and monitoring are used to identify service and transaction-processing issues.
Transport Protection
The ModernEDI website, application, and Integration API are served over HTTPS. AS2 partner profiles expose signing, encryption, and receipt settings so administrators can match a trading partner's requirements. Plans that support plain HTTP exist for legacy partner compatibility; workspace and API access remain HTTPS.
AS2 Certificates and Private Keys
ModernEDI helps customers generate and manage AS2 identity details used for partner onboarding. Certificate packages expose the public certificate and partner-facing details. Private keys are handled by ModernEDI and should not be shared outside the systems that require them for AS2 operation.
Integration API Keys
Integration API keys are intended for server-side use by customer systems. Customers should rotate keys when needed, avoid embedding them in public clients, and remove access for users or systems that no longer require it.
Logging and Monitoring
We use operational logging and monitoring to diagnose platform issues, support onboarding, investigate security concerns, and maintain service reliability. Logs may include request metadata, service events, error details, and transaction-processing signals.
Service Providers
ModernEDI currently uses AWS for cloud infrastructure and service operation, Stripe for subscription billing and payment processing, and Microsoft 365 for business email and support correspondence. Umami analytics are self-hosted in AWS. See the Subprocessor List for the current public record.
Retention, Export, and Deletion Questions
Maps, partner configuration, and related workspace content are retained for at least 90 days after cancellation so customers can request reactivation or export. Other retention periods depend on the record type and the operational, security, billing, and legal need for it. Customers can contact ModernEDI to discuss an export or deletion request; some records may need to be retained longer for security, billing, dispute, backup, or legal purposes. See the Privacy Policy for the current policy language.
Responsible Disclosure
If you believe you have found a security issue, please contact us before disclosing it publicly. Include enough detail for us to understand and reproduce the issue. Do not access, modify, destroy, or exfiltrate data that does not belong to you, and do not disrupt service availability.
Security Contact
Security-related concerns can be sent to security@modernedi.com.