Security and privacy

At Envoy, we understand the sensitivity of your data, and we’re committed to ensuring confidentiality and reliability as critical components of our service to you. We take your trust very seriously, and we’re proud to provide a secure infrastructure that protects your visitor data and company information.

Thousands of global companies choose and trust Envoy, from private companies like Pixar and Reddit, to public companies such as Yelp, Pandora, Box and Shopify. Plus, customers from highly-regulated industries like OnRamp (data center), Roche (pharmaceutical) and Planet Labs (government) all depend on Envoy to demonstrate compliance.

“Since Envoy’s first day, when I was the engineer building our initial product, security has always been a first-class citizen. Our customers' trust is critical, and we realized this early on. Even with Envoy's expanding functionality, data security is still key and is part of every decision we make. That’s how it always will be.”

—Larry Gadea, CEO of Envoy

Centralized account management

Envoy makes it easy to centrally manage data and permissions for multiple facilities, no matter where you’re located. Role-based administration allows customers to provide the right Envoy access to specified team members on global or location-specific levels. And SAML can be utilized to integrate with your single sign-on identity provider to further regulate access.

All visitor information is stored in secure cloud servers and can only be accessed by specified administrators. Robust visitor logs can be exported with just one click, an especially useful feature for our customers who require compliance with PCI DSS, ITAR and other frameworks.

Secure and trusted infrastructure

All customer data is transferred securely using HTTPS (SSL connection) from the iPad app and Envoy dashboard to secure cloud and servers. At rest, data is encrypted using Heroku encrypted databases and AWS S3 Server-side Encryption. Envoy protects against denial-of-service (DoS) attacks using Cloudflare’s advanced DDoS protection.

Reliability

We understand the importance of reliability and aspire to a 99.9% uptime. We continually monitor uptime through third parties like Pingdom. You can view our current uptime and product status by visiting status.envoy.com.

Offline-mode

If devices become disconnected from a network connection, visitors can continue to sign in on the iPad, and their data will be stored locally on the device. Upon reestablishing network connectivity, all locally stored visitor data will sync to Envoy.

Data storage

When your iPad is connected to a network, visitor data syncs to Envoy automatically, and all visitor records are stored in Envoy’s database. Backups are taken every day and stored offsite in the AWS US-West-2 data center in Oregon. Envoy never stores customer data on local devices or any other internal network.

Privacy

We have a strict policy to respect the privacy of sensitive customer data: we will never sell your visitor or employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.

Security FAQ

How do Envoy users authenticate to the dashboard?

End users may authenticate to Envoy either with a username and password or by enabling SAML-based single sign-on. Envoy supports SAML 2.0 and can integrate with most IdPs, including Okta and ADFS.

Where is customer data stored?

All customer data and metadata is stored in AWS in the US-East-1 DC in Virginia. Envoy never stores customer data on local devices or any other internal network.

Who can access customer data?

Our support team only accesses customer accounts in the event of a technical support issue that requires real-time access. Envoy forbids accessing client data outside of those circumstances.

How does Envoy manage data encryption?

Envoy uses Heroku Encrypted Postgres (AES-256 disk encryption). Private TLS keys are managed by Cloudflare; disk encryption keys for data at rest are managed by Heroku and AWS; application encryption keys are managed by Heroku with restricted access for required Envoy employees.

How long does Envoy store my data?

Envoy stores your data indefinitely while you’re a customer. We only delete or purge data upon explicit request. If you choose to end your subscription, Envoy will maintain your data for 30 days after cancellation and will thereafter delete or destroy your data.

What happens if Envoy service is disconnected?

In this unlikely event, customers will be given no less than 60 days’ notice. During this period, data can be extracted from the application at any time. When the service is shut down, all data will be kept for up to 60 additional days before being completely destroyed.