Protecting your data and privacy

At Envoy, we understand the sensitivity of your data, and we’re committed to ensuring confidentiality and reliability as critical components of our service to you.

Keeping your data secure

Envoy’s secure infrastructure, commitment to reliability, and third-party testing work together to safeguard your data.

Protecting your privacy

Keeping your visitors’ information safe is a responsibility we take incredibly seriously. Our policies and controls are designed to protect the collection, use, and disclosure of your visitors’ information.

Supporting your compliance needs

We’re committed to helping you meet your compliance strategies, in addition to enhancing our own body of certifications.

Keeping your data secure

Our infrastructure

Data encryption

All customer data is transferred securely using TLS v1.2 and above from the iPad app and Envoy dashboard to the cloud. All requests are routed through Cloudflare, which acts as a firewall. At rest, data is encrypted using AWS for databases and Cloudflare for object storage. Both AWS and Cloudflare use AES-256 for disk encryption. Our IT infrastructure is 100% cloud-based.

Data storage

When your iPad is connected to a network, visitor data syncs to Envoy automatically, and all visitor records are stored in Envoy’s database. Backups are taken every day and stored off-site in one of three AWS data centers: US-East-1 in Virginia, US-West-1 in California, or US-West-2 in Oregon. AWS oversees the physical security of these facilities and tightly controls who has access. Envoy never stores customer data on local devices or any other internal network.

Diagram of Envoy's data storage systems

Data retention

Envoy stores your data indefinitely while you’re a customer. We only delete or purge data upon explicit request. Customer data is available for download as a CSV file through the dashboard or via our API. Data can be anonymized, which removes all personally identifiable information from your Visitor Log, upon request. Envoy may retain customer data for up to 30 days after termination of the contract.

Reliability

Uptime

We understand the importance of reliability and aspire to 99.9% uptime. Envoy proactively protects against denial-of-service (DoS) attacks using Cloudflare’s advanced distributed DoS protection. We continually monitor uptime through third parties like Pingdom. You can view our current uptime and product status by visiting status.envoy.com.

Offline mode

If devices become disconnected from a network connection, visitors can continue to sign in on the iPad, and their data will be stored locally on the device. Upon reestablishing network connectivity, all locally stored visitor data will sync to Envoy. While offline, ID scanning and host notifications will be unavailable.

Third-party verification

Vulnerability testing

We seek out and proactively address vulnerabilities and exposures in Envoy’s code and dependencies through automated tools, peer review, penetration tests, and a public bug bounty program. All public access to our applications is proxied through Cloudflare, which detects and automatically blocks unexpected traffic.

Service Organization Controls (SOC)

Our security processes and controls are verified to meet SOC 2 Type II security standards. This includes using two-factor authentication, encrypting computers, logging administrator actions, tracking access grants using verified policies, and following repeatable processes for a consistent and secure customer experience.

Protecting your privacy

Privacy policy

We have a strict policy to respect the privacy of sensitive customer data: we will never sell your visitor or employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.

Access management

Envoy makes it easy to centrally manage data and permissions for multiple facilities, no matter where you’re located. Role-based administration allows customers to provide the right Envoy access to specified team members on global- or location-specific levels. And SAML can be utilized to integrate with your single sign-on identity provider to further regulate access.

EU General Data Protection Regulation (GDPR)

We have made significant efforts to ensure we are in compliance with the General Data Protection Regulation (GDPR) and to help our customers comply with GDPR contractual obligations. To enter into Envoy’s Data Processing Addendum (DPA), please contact [email protected] to receive a copy for review and signature.

Supporting your compliance needs

We understand the impact that compliance requirements have on your business. That’s why we’re committed to providing features that may help you with your compliance strategies, in addition to enhancing our own body of compliance certifications.

Envoy helps support compliance with the following standards and regulations:

  • EU General Data Protection Regulation (GDPR)
  • Service Organization Controls (SOC)
  • International Traffic in Arms Regulations (ITAR)
  • FDA Food Safety Modernization Act (FSMA)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Bliley Act (GLBA)
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Federal Information Security Modernization Act (FISMA)