At Envoy, we understand the sensitivity of your data, and we’re committed to ensuring confidentiality and reliability as critical components of our service to you. We take your trust very seriously, and we’re proud to provide a secure infrastructure that protects your visitor data and company information.
How Envoy improves data security
You can rely on Envoy to have your data backed up, easily accessible and stored safely. This article outlines our policies that protect your sensitive information. You can also learn more on our security page.
Benefits of using Envoy to improve data security
- Visitor management is our full time job, so you can trust us to keep your system running and make your life easier.
- We run on a secure and trusted infrastructure (Heroku and AWS).
- Our product protects visitor data from other visitors, and our policies protect your sensitive data under all circumstances.
Unlike paper guest books, Envoy keeps visitor information confidential. The iPad displays your logo when no one is signing in. This way, guests cannot “innocently notice” other visitor’s details.
We have a strict policy to respect the privacy of sensitive customer data: We will never sell your visitor or employee data, and we will not contact your visitors or employees without explicit permission. Our support team will only access your account in the event of a technical support issue that requires real-time access.
All customer data is transferred securely using HTTPS (SSL connection) from the iPad app and Envoy dashboard to secure cloud and servers. At rest, data is encrypted using Heroku encrypted databases and AWS S3 Server-side Encryption. Envoy protects against denial-of-service (DoS) attacks using CloudFlare’s advanced DDoS protection.
All customer data and metadata is stored in AWS in the US-East-1 DC in Virginia. Envoy never stores customer data on local devices or any other internal network.
When your iPad is connected to a network, visitor data syncs to Envoy automatically, and all visitor records are stored in Envoy’s database. Backups are taken every day and stored offsite in the AWS US-West-2 data center in Oregon. Envoy does not store data locally, with the exception of Offline mode. When the iPad is in offline mode, we use NSKeyedArchiver to encode the visitor's information and then save the data by using NSUserDefaults. We store the employee list, in a similar fashion. The names are cached and stored encrypted. Once the iPad reconnects to the Internet all the data is removed from the device.
Role-based administration allows customers to provide the right Envoy access to specified team members on global or location-specific levels. Employee users can only access their personal visitors and invites, and do not have access to all visitors or sensitive account data or settings.
End users may authenticate to Envoy either with a username and password or by enabling SAML-based single sign-on. Envoy supports SAML 2.0 and can integrate with most IdPs, including Okta and ADFS.