As a trusted partner of our customers, we have processes in place to protect your data from unauthorized access and to ensure that the data is used appropriately to serve your needs.

AICPA SOC 2 COMPLIANCE

We are a certified SOC 2 Type 2 compliant organization. The Service Organization Control 2 (SOC 2) is a standard established by the American Institute of Certified Public Accountants (AICPA). It’s a framework applied and followed by Software as a Service (SaaS) companies that want to better safeguard the privacy and security of customer data. SOC 2 certificate is a voluntary compliance standard that assesses the procedures and control processes in an organization.
More information about SOC for Service Organizations is available at aicpa.org/soc4so

DATA CENTER SECURITY

The Enlyft platform is hosted on Microsoft Azure, a leading cloud-services provider. Azure meets a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as those done by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate.

More information about Azure security is available at https://docs.microsoft.com/en-us/azure/security/azure-security

DATA SECURITY

The Enlyft Platform Architecture is designed from the ground up to ensure that each customer’s data is managed separately from other customers and from our proprietary Enlyft Company Graph™

Enlyft - Data Architecture

  • We place data received from each customer in separate isolated data stores.
  • Customer data is used only for models that are built for use by that customer.
  • All production modeling is done on our cloud-hosted platform within a virtual private cloud.
  • We use Transport Layer Security to protect data in transit between our data center and our customers
  • Customer data is purged 90 days after termination of a business contract or unless otherwise specified in the contract or instructed by the client.

NETWORK SECURITY

  • All data is secured within a private network in our data center.
  • Subnets are used to isolate various application servers.
  • Third-party tests are used to detect vulnerabilities and to apply patches preemptively

BACKUP AND RECOVERY

  • All mission-critical systems and data stores, including customer data are backed up regularly to ensure quick recovery from failure.
  • To ensure security, the backups are held within our cloud-provider’s data center.

SECURITY MONITORING AND ASSESSMENTS

  • Enlyft partners with external vendors to conduct penetration testing and to evaluate overall security
  • Enlyft continually monitors potential security risks and applies the latest security patches to various elements of our software stack.

CONTACT US

Enlyft, Inc.
123 Lake Street S, Suite 100
Kirkland, WA 98033
United States
(206) 337-3364