Security
Last updated: March 24, 2026
Security Approach
Enck is built for business operations workflows, so the platform is designed around layered controls for access, isolation, vendor management, and incident response. We prioritize managed infrastructure and established provider controls over custom security code where a well-supported platform service is the safer option.
Governance and Policy
Enck maintains documented information security procedures covering access control, authentication, vulnerability management, incident handling, vendor oversight, and data governance. These materials are reviewed at least annually and when material architectural, legal, or vendor changes occur.
Security and compliance requests can be routed to hello@enck.ai.
Platform and Infrastructure Controls
- Encrypted transport for traffic between browsers, application services, and managed vendors.
- Managed hosting and database platforms with network boundary controls and service authentication.
- Tenant isolation controls in application storage layers, including row-level data access restrictions where supported.
- Secrets and API credentials stored using managed environment and provider tooling rather than hard-coded application logic.
Identity and Access Management
- Authentication and session handling through managed identity and application controls.
- Role-based permissions for customer workspaces and internal operations paths.
- Approval and trust-tier controls for higher-risk actions performed by automation workflows.
- Least-privilege access for internal systems and operational accounts.
Monitoring and Response
- Health checks, service logs, and operational telemetry to detect failures and unusual behavior.
- Auditability around billing, approvals, and critical application actions.
- Operational runbooks for restoring service and investigating incidents.
- Patch and maintenance workflows for application dependencies and infrastructure components.
Vulnerability Management
Enck maintains a documented vulnerability management process for application dependencies, production infrastructure, and core runtime components. We use maintained dependency monitoring, deployment checks, and infrastructure maintenance workflows to identify and address security issues.
- Weekly dependency monitoring for core package ecosystems.
- Defined remediation targets based on severity and business impact.
- Review and replacement of end-of-life or unsupported software on a risk-prioritized basis.
Vendor and Subprocessor Management
Enck depends on specialized providers for hosting, databases, payments, model access, messaging, email, and connected account functionality. We choose vendors to reduce the amount of bespoke infrastructure code we need to maintain and to inherit mature controls from those providers.
Current providers are listed on the Subprocessors page.
Shared Responsibility
Security is shared. Customers are responsible for choosing appropriate integrations, reviewing outputs, protecting user accounts, limiting the data they submit, and configuring internal approval processes for sensitive actions.
Compliance and Documentation
If your team needs security questionnaires, privacy terms, or vendor review support, start with our Compliance page or contact us directly. Formal attestations or contractual commitments are only provided where explicitly agreed in writing.
Responsible Disclosure
If you believe you have identified a vulnerability or material security issue, email hello@enck.ai with affected systems, reproduction steps, and impact details. Please avoid testing methods that could degrade service, access data you do not own, or violate law.