Protecting your data and privacy

At Envoy, we understand the sensitivity of your data, and we’re committed to ensuring confidentiality and reliability as critical components of our service to you.

Illustration showing security in form of shield and lock

Keeping your data secure

Envoy’s secure infrastructure, commitment to reliability, and third-party testing work together to safeguard your data.

Learn more

Protecting your privacy

Keeping your visitors’ and employees information safe is a responsibility we take incredibly seriously. Our policies and controls are designed to protect the collection, use, and disclosure of this information.

Learn more

Supporting your compliance needs

We’re committed to helping you meet your compliance strategies, in addition to enhancing our own body of certifications.

Learn more

Keeping your data secure

Our infrastructure

Data encryption

All customer data is transferred securely using TLS v1.2 and above from the iPad app and Envoy dashboard to the cloud. All requests are routed through Cloudflare which acts as a firewall. At rest, data is encrypted using AWS for databases and object storage. Both AWS and Cloudflare use AES256 for disk encryption. Our IT infrastructure is 100% cloud-based.

Data storage

When your iPad or mobile device is connected to a network, data syncs to Envoy automatically, and all records are stored in Envoy’s database. Backups are taken every day and stored off-site in the AWS US-East-1 data center in Virginia. AWS oversees the physical security of these facilities and tightly controls who has access.

Black and white line drawing style illustration showing Envoy data storage ecosystem.

Data retention

Envoy customers have options when it comes to what sign-in data they retain from employees and visitors.

By default, Envoy stores visitors’ responses to your sign-in and purges employees’ responses to your Protect health check. Companies on Premium and Enterprise plans can choose to save or purge the responses to both their visitor sign-in and employee health check. Retention settings can also be managed on a question by question basis for additional flexibility.

When responses are purged, the responses will be sent to Envoy’s server to determine if that person is approved or denied entry. This occurs in sub-seconds and then the data is deleted and not saved to our database. We run periodic jobs to ensure all data, except for the screening result (approved or denied) is deleted within 24 hours on all of Envoy’s databases.

Any visitor and employee sign-in data that is saved to Envoy based on your retention settings can be purged upon explicit request. This includes, sign-in and sign-out time for each entry, all information provided in the sign-in fields, private notes, visitor photos, and signed documents. Envoy may retain data not related to sign-ins like account settings, user profiles, and location details, for up to 30 days after the termination of the contract.


Up time

We understand the importance of reliability and aspire to a 99.9% uptime. Envoy proactively protects against denial-of-service (DoS) attacks using CloudFlare’s advanced distributed DoS protection. We continually monitor uptime through third parties like Pingdom. You can view our current uptime and product status by visiting

Offline mode

If devices become disconnected from a network connection, visitors can continue to sign in on the iPad, and their data will be stored locally on the device. Upon reestablishing network connectivity, all locally stored visitor data will sync to Envoy. While offline, ID scanning and host notifications will be unavailable.

Third-party verification

Vulnerability testing

We seek out and proactively address vulnerabilities and exposures in Envoy’s code and dependencies through automated tools, peer-review, penetration tests, and a public bug bounty program. All public access to our applications is proxied through Cloudflare which detects and automatically blocks unexpected traffic. To submit a vulnerability please request access to our bug bounty program, or contact us directly.

Service Organization Controls (SOC)

Our security processes and controls are verified to meet SOC 2 Type II security standards. This includes using two-factor authentication, encrypting computers, logging administrator actions, tracking access grants using verified policies, and following repeatable processes for a consistent and secure customer experience.

Core Subprocessors Technical and Organisational Security Measures

Protecting your privacy

Data protection

We have a strict policy to respect the privacy of sensitive customer data: we will never sell your visitor or employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.

Employee and visitor privacy

If you choose to ask questions about your employees’ or visitors’ health, you can choose to discard their responses and keep them private to those individuals. If you choose to discard responses, your team will not have access to this data in any form, whether through a dashboard, report, or otherwise. To help your team keep your workplace safe, administrators can see if someone was approved or denied entry based on their responses. If you choose to review employees’ vaccination documentation, Envoy will store this data separately, and limit access to global administrators only.

Access management

Envoy makes it easy to centrally manage data and permissions for multiple facilities, no matter where you’re located. Role-based administration allows customers to provide the right Envoy access to specified team members on global- or location-specific levels. And SAML can be utilized to integrate with your single sign-on identity provider to further regulate access.

EU General Data Protection Regulation (GDPR)

We have made significant efforts to ensure we are in compliance with the General Data Protection Regulation (GDPR) and to help our customers comply with GDPR contractual obligations. Data transfers from UK and EU customers are conducted under our Data Protection Agreement.

California Consumer Privacy Act (CCPA)

Envoy complies with the CCPA (California Consumer Privacy Act), which became effective January 2020, and as amended by the CPRA. As currently defined in those regulations, Envoy will operate as a Service Provider to its customers. Envoy processes personal information as provided in its California Privacy Rights Act Addendum.

Please contact us at for the following actions related to CCPA:

  • More general information or questions on how Envoy is complying with CCPA
  • For Business Customer requests to review, correct, update, delete or otherwise modify any of their data that may been collected through Envoy
  • To unsubscribe from marketing emails (please put “unsubscribe” in the subject line)

Supporting your compliance needs

We understand the impact that compliance requirements have on your business. That’s why we're committed to providing features that may help you with your compliance strategies, in addition to enhancing our own body of compliance certifications.

Envoy helps support compliance with the following standards and regulations:

  • EU General Data Protection Regulation (GDPR)
  • Service Organization Controls (SOC)
  • International Traffic in Arms Regulations (ITAR)
  • FDA Food Safety Modernization Act (FSMA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Billey Act (GLBA)
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Federal Information Security Modernization Act (FISMA)

Learn more about how Envoy can help you comply with these regulations on our compliance certifications page. You can also request to view our compliance documents.