Security is everything at Enhancio. We are committed to being transparent about our practices and helping our customers understand our approach to security. As a 100% GDPR compliant company, data privacy and security lie at the core of our technology and our culture. Delivering excellent service while protecting our customers' privacy and data is of utmost importance to us.

Authentication Security

Multi-Factor Authentication

To reduce the risk of unauthorized access to data, Enhancio employs multi-factor authentication for administrative access to systems with highly sensitive data.

OAuth2 for Authentication

The Enhancio application uses OAuth2-based authentication to eliminate the risk of unauthorized access.

Password Management

Enhancio strictly enforces a set of password requirements to ensure security standards are met:

  • Passwords must be a minimum of 8 characters in length and include a mix of uppercase and lowercase letters as well as numbers and symbols.
  • A temporary password reset link will be sent to the user's pre-registered email address if the user clicks the forgot password link. If need be, a user's account can be disabled manually.
  • End-user account passwords stored on Enhancio servers are encrypted.

Secure Credential Storage

Credentials are stored in encrypted form and are not in human-readable format. 

API Security & Authentication

By default, Enhancio's services are served over organization-validated SSL. Services that require authentication are only served over HTTPS.

System Monitoring and Logging

Monitoring

Enhancio monitors servers and workstations to retain and analyze a comprehensive view of its corporate and production infrastructure. Administrative access, use of privileged commands, and system calls on all servers in the Company's production network are logged.

Logging

Enhancio collects and stores production logs. Access to the logs is restricted to members of the Security team.

Data Encryption in Transit

Enhancio transmits data over public networks using strong encryption. This includes data transmitted between our customers and our cloud-based service. 

Data at rest is hosted in data centers maintained by industry-leading service providers. Data center providers offer state-of-the-art physical protection for the servers and related infrastructure that comprise the operating environment for Enhancio’s services. These service providers are responsible for restricting physical access to Enhancio’s systems to authorized personnel.

Session Management

Session Timeout

Sessions are set to expire after 120 minutes of inactivity; continuous sessions time out after 8 hours.

Sign Out

When sign out occurs, all session cookies from the client are deleted and the session identifier is invalidated. 

Additional Product Security Features

User Privileges & Roles

Enhancio provides granular access rights. Permission levels can be configured by user role to determine which users may manage users, approve, review, sign, integrate, edit, and read.

Network and Transmission Controls

SSL/TLS

Enhancio utilizes industry-standard communication encryption technologies to ensure all communications are secured. Therefore, all end-user communications within Enhancio are secured with encryption. The connection is protected by organization-validated SSL/TLS everywhere.

Network Security

Protection

Enhancio updates its network architecture continuously. Redundant firewalls, secure HTTPS transport over public networks and the latest router technologies are in place to ensure maximum protection.

Architecture

A DMZ is used to add an additional layer of security to the architecture of our local area network. With the DMZ, services are placed in different subnets (databases, cache layer or application servers) according to their sensitivity levels. Each zone has specific monitoring and access controls.

Access Logs

Enhancio has a comprehensive activity monitoring system that stores logs at all account levels for sign-in/sign-out to user accounts, creating users, setting user permissions and password changes, and creating, deleting, updating, starting and/or pausing scenarios/personalization.

Data Confidentiality and Job Controls

Internal Access to Data

Your account data stored on Enhancio's servers cannot be accessed by employees or contractors unless they need this information to perform a specific job function, i.e. providing customer support. If need be, employees must use very strong passwords and two-factor authentication to access Enhancio's servers.

Job Controls

On top of having strict rules and regulations for accessing data on our servers, Enhancio employees are required to sign confidentiality agreements before they are allowed to access our servers.

Employee Vetting

Background Checks

Under our zero-trust policy, all employee access to our servers is logged and audited. In case of abuse, Enhancio employees are subject to disciplinary action, including but not limited to termination. All Enhancio employees undergo background checks prior to employment.

Confidentiality Agreements

All new employees go through security screening during our hiring process, and they are required to sign confidentiality and non-disclosure agreements.

Security in Engineering

Product Security Overview

We run in-depth vulnerability assessments using end-to-end, unit and integration tests and have deployment controls in place.

Code Assessments

Our engineers conduct peer code reviews to ensure the highest quality, and our automated code tests are designed to detect and fix common vulnerabilities. We also conduct manual tests on sensitive areas of our code base.

Availability Controls

Disaster Recovery, Failover and DR

Enhancio was built with disaster recovery in mind. We use Amazon Web Services (AWS), a well-known cloud service provider. To mitigate service interruption risks in case of a disaster, we replicate data and keep it in multiple data centers. In case of a disaster or failure, services will not be interrupted.

We perform continuous backup of data. Headquartered in New York, with an offshore subsidiary in Bangalore, India, we can provide one hundred percent support in case of a disaster to ensure business continuity.

Incident Response

Enhancio has an Incident Response team that responds quickly and systematically in case of a security incident. You can write to us at security@enhancio.com.

Segregation Controls

Data Segregation

Each customer's account data is logically separated from that of other customers. Every customer's data is solely used for that customer and only accessed to provide support to that customer. We will never share customer data with, or sell it to, third parties. Our policy around data protection is clearly outlined in the Data Processing Addendum (DPA).

Physical Security

Enhancio services and data are hosted in Amazon Web Services (AWS) facilities in the United States and in Ireland. Access to data centers is strictly limited to authorized personnel with verified biometric identity. AWS data centers are physically protected by security guards, video monitoring and other on-premises security measures.

All Enhancio servers are within our virtual private cloud (VPC). We have network access control lists (ACLs) in place to prevent unauthorized requests. We keep testing and staging environments physically separate from the production environment. Service Data is not used in the development or test environments.

Additional Terms

If you have any questions regarding Enhancio's security measures, please write to us at security@enhancio.com or contact our Support at support@enhancio.com.

Our security measures are subject to change, as building data security is a continuous process that shapes the foundation of our development processes and outstanding performance of our industry-leading technologies. We may update this page from time to time to reflect changes. Therefore, please check this page often. The use of Enhancio services is subject to the terms, conditions, and disclaimers in our Terms of Service.