Security Policies

At Enrich Labs, Inc. ("we," "us," or "our"), security is foundational to everything we build. We are committed to protecting the confidentiality, integrity, and availability of our customers' data and our platform. This page outlines the security measures and policies we maintain across our organization and infrastructure.

Infrastructure Security

Our infrastructure is designed with security as a priority:

• All services are hosted on industry-leading cloud providers with SOC 2 Type II and ISO 27001 certifications
• Data is encrypted at rest using AES-256 encryption
• All data in transit is protected with TLS 1.2 or higher
• Infrastructure is deployed across multiple availability zones for redundancy
• Automated backups are performed regularly with encrypted storage

Application Security

We follow secure development practices throughout the software development lifecycle:

• Secure coding guidelines are enforced across all development teams
• Code reviews are required for all changes before deployment
• Dependencies are regularly audited and updated to address known vulnerabilities
• Authentication is enforced using industry-standard protocols including OAuth 2.0
• Sensitive credentials such as OAuth tokens and API keys are encrypted at the application level
• Access controls limit data access to authorized personnel only

Organizational Security

Security is part of our company culture:

• All employees complete security awareness training upon onboarding and annually thereafter
• Background checks are conducted for all employees with access to customer data
• Access to production systems follows the principle of least privilege
• Employee access is reviewed periodically and revoked promptly upon departure
• Confidentiality agreements are required for all team members and contractors

Network Security

We employ multiple layers of network defense:

• Rate limiting is enforced to protect against abuse and brute-force attacks
• CORS policies and CSRF protections are implemented across our applications
• Access to production systems is restricted and requires authentication
• Our cloud infrastructure provides built-in DDoS protection and network isolation

Incident Response

We maintain a formal incident response program:

• A documented incident response plan covers identification, containment, eradication, and recovery
• Designated incident response team members are trained and on call
• Affected customers are notified promptly in the event of a security incident that impacts their data
• Post-incident reviews are conducted to identify root causes and prevent recurrence

Business Continuity and Disaster Recovery

We plan for continuity and resilience:

• Business continuity and disaster recovery plans are documented and tested
• Automated failover and redundancy ensure minimal service disruption
• Data backups are stored in geographically separate locations
• Recovery time and recovery point objectives are defined and regularly validated

Contact Us

If you have questions about our security practices or would like to report a security concern, please contact us at: info@enrichlabs.ai