At Envoy, we understand the sensitivity of your data
At Envoy, we understand the sensitivity of your data, and we’re committed to ensuring confidentiality and reliability as critical components of our service to you. We take your trust very seriously, and we’re proud to provide a secure infrastructure that protects your visitor data and company information.
Thousands of global companies choose and trust Envoy, from private companies like Pixar and Reddit, to public companies such as Yelp, Pandora, Box and Shopify. Plus, customers from highly-regulated industries like OnRamp (data center), Roche (pharmaceutical) and Planet Labs (government) all depend on Envoy to demonstrate compliance.
“Since Envoy’s first day, when I was the engineer building our initial product, security has always been a first-class citizen. Our customers' trust is critical, and we realized this early on. Even with Envoy's expanding functionality, data security is still key and is part of every decision we make. That’s how it always will be.”—Larry Gadea, CEO of Envoy
Centralized account management
Envoy makes it easy to centrally manage data and permissions for multiple facilities, no matter where you’re located. Role-based administration allows customers to provide the right Envoy access to specified team members on global or location-specific levels. And SAML can be utilized to integrate with your single sign-on identity provider to further regulate access.
All visitor information is stored in secure cloud servers and can only be accessed by specified administrators. Robust visitor logs can be exported with just one click, an especially useful feature for our customers that require compliance with PCI, DSS, ITAR and other frameworks.
We understand the importance of reliability and aspire to a 99.9% uptime. We continually monitor uptime through third parties like Pingdom. You can view our current uptime and product status by visiting status.envoy.com.
If devices become disconnected from a network connection, visitors can continue to sign in on the iPad, and their data will be stored locally on the device. Upon reestablishing network connectivity, all locally stored visitor data will sync to Envoy.
When your iPad is connected to a network, visitor data syncs to Envoy automatically, and all visitor records are stored in Envoy’s database. Our databases are continuously backed up to different AWS availability zones. Envoy never stores customer data on local devices or any other internal network.
We have a strict policy to respect the privacy of sensitive customer data: we will never sell your visitor or employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.
How do Envoy users authenticate to the dashboard?
End users may authenticate to Envoy either with a username and password or by enabling SAML-based single sign-on. Envoy supports SAML 2.0 and can integrate with most IdPs, including Okta and ADFS.
Where is customer data stored?
All customer data and metadata is stored in AWS in the US-East-1 DC in Virginia, US-West-1 DC in California and US-West-2 DC in Oregon. Envoy never stores customer data on local devices or any other internal network.
Who can access customer data?
Our support team only accesses customer accounts in the event of a technical support issue that requires real-time access. Envoy forbids accessing client data outside of those circumstances.
How does Envoy manage data encryption?
Envoy uses Heroku Encrypted Postgres (AES-256 disk encryption). Private TLS keys are managed by Cloudflare; disk encryption keys for data at rest are managed by Heroku and AWS; application encryption keys are managed by Heroku with restricted access for required Envoy employees.
How long does Envoy store my data?
Envoy stores your data indefinitely while you’re a customer. We only delete or purge data upon explicit request. If you choose to end your subscription, Envoy will maintain your data for 30 days after cancellation and may thereafter delete or destroy your data.
What happens if Envoy service is disconnected?
In this unlikely event, customers will be given no less than 60 days notice. During this period, data can extracted from the application at anytime. When the service is shut down, all data will be kept for up to 60 additional days before being completely destroyed.