Security is everything at Enhancio. We are committed to being transparent about our practices and helping our customers understand our approach to security. As a 100% GDPR compliant company, data privacy and security lie at the core of our technology and our culture. Delivering excellent service while protecting our customers' privacy and data is of utmost importance to us.
To reduce the risk of unauthorized access to data, Enhancio employs multi-factor authentication for administrative access to systems with highly sensitive data.
OAuth2 for Authentication
The Enhancio application uses OAuth2-based authentication to eliminate the risk of unauthorized access.
Enhancio strictly enforces a set of password requirements to ensure security standards are met:
- Passwords must be a minimum of 8 characters in length and include a mix of uppercase and lowercase letters as well as numbers and symbols.
- A temporary password reset link will be sent to the user's pre-registered email address if the user clicks the forgot password link. If need be, a user's account can be disabled manually.
- End-user account passwords stored on Enhancio servers are encrypted.
Secure Credential Storage
Credentials are stored in encrypted form and are not in human-readable format.
API Security & Authentication
By default, Enhancio's services are served over organization-validated SSL. Services that require authentication are only served over HTTPS.
System Monitoring and Logging
Enhancio monitors servers and workstations to retain and analyze a comprehensive view of its corporate and production infrastructure. Administrative access, use of privileged commands, and system calls on all servers in the Company's production network are logged.
Enhancio collects and stores production logs. Access to the logs is restricted to members of the Security team.
Data Encryption in Transit
Enhancio transmits data over public networks using strong encryption. This includes data transmitted between our customers and our cloud-based service.
Data at rest is hosted in data centers maintained by industry-leading service providers. Data center providers offer state-of-the-art physical protection for the servers and related infrastructure that comprise the operating environment for Enhancio’s services. These service providers are responsible for restricting physical access to Enhancio’s systems to authorized personnel.
Tokens are set to expire upon 180 minutes of inactivity.
When sign out occurs, all cookies from the client are deleted and the access token is invalidated.
Additional Product Security Features
User Privileges & Roles
Enhancio provides granular access rights which can be configured to set permission levels, based on user roles, for different users to manage users, approve, review, sign, integrate, edit, and read.
Network and Transmission Controls
Enhancio utilizes industry-standard communication encryption technologies to ensure all communications are secured. Therefore, all end-user communications within Enhancio are secured with encryption. The connection is protected by Organization validated SSL/TLS everywhere.
Enhancio updates its network architecture continuously. Redundant firewalls, secure HTTPS transport over public networks and the latest router technologies are in place to ensure maximum protection.
DMZ is used to add an additional layer of security to the architecture of our local area network. With DMZ, services have different subnets (databases, cache layer or application servers) according to their sensitivity levels. Each zone has specific monitoring and access controls.
Enhancio has a comprehensive activity monitoring system that stores logs at all account levels for sign-in/sign-out to user accounts, creating users, setting user permissions and password changes, and creating, deleting, updating, starting and/or pausing scenarios/personalization.
Data Confidentiality and Job Controls
Internal Access to Data
Your account data stored on Enhancio's servers cannot be accessed by employees or contractors unless they need this information to perform a specific job function, i.e. providing customer support. If need be, employees need to use very strong passwords and two-factor authentication to access Enhancio's servers.
On top of having strict rules and regulations for accessing data on our servers, Enhancio employees are required to sign confidentiality agreements before they are allowed to access our servers.
Under our zero-trust policy, all employee access to our servers is logged and audited. In case of abuse, Enhancio employees are subject to disciplinary action, including but not limited to termination. All Enhancio employees are background checked prior to employment.
All new employees go through security screening during our hiring process and they are required to sign confidentiality and non-disclosure agreements.
Security in Engineering
Product Security Overview
We run in-depth vulnerability assessments using end-to-end, unit and integration tests and have deployment controls in place.
Our engineers conduct peer code reviews to ensure the highest quality, and our automated code tests are designed to detect and fix common vulnerabilities. We also conduct manual tests on sensitive areas of our code base.
Disaster Recovery, Failover and DR
Enhancio was built with disaster recovery in mind. We use Amazon Web Services (AWS), a well-known cloud service provider. To mitigate service interruption risks in case of a disaster, we replicate data and keep it in multiple data centers. In case of a disaster or failure, services will not be interrupted.
We perform continuous backup of data. Headquartered in New York, with an offshore subsidiary in Bangalore, India, we can ensure one hundred percent support in case of a disaster to ensure business continuity.
Enhancio has an Incident Response team that quickly and systematically responds in case of a security incident. You can write to us at email@example.com.
Each customer's account data is logically separated from that of other customers. Every customer's data is solely used for that customer and only accessed to provide support to that customer. We will never share or sell customer data to 3rd parties. Our policy around data protection is clearly outlined in the Data Processing Addendum (DPA).
Enhancio services and data are hosted on Amazon Web Services (AWS) facilities in the United States and in Ireland. Access to data centers is strictly limited to authorized personnel with verified biometric identity. AWS data centers are physically protected by security guards, video monitoring and other on-premise security measures.
All Enhancio servers are within our virtual private cloud (VPC). We have network access control lists (ACLs) in place to prevent unauthorized requests. We keep testing and staging environments physically separate from the production environment. Service Data is not used in the development or test environments.
If you have any questions regarding Enhancio's security measures, please write to us at firstname.lastname@example.org or contact our Support at email@example.com.
Our security measures are subject to change, as building data security is a continuous process that shapes the foundation of our development processes and outstanding performance of our industry-leading technologies. We may update this page from time to time to reflect changes. Therefore, please check this page often. The use of Enhancio services is subject to the terms, conditions, and disclaimers in our Terms of Service.