Trust Centre
Welcome to the Enprivacy Trust Centre. This is the central resource for information about how we build, secure, and maintain Enprivacy’s Invisiq platform.
Invisiq is a self-hosted product. You deploy and operate it within your own environment — your cloud account, your data centre, your network. That means your data stays with you. The content in this Trust Centre focuses on what we do to ensure the software we ship is trustworthy, and what controls you have as an operator.
Quick Reference
Section titled “Quick Reference”| Topic | Summary |
|---|---|
| Your data | Stored entirely in your infrastructure. Enprivacy has no access unless otherwise granted by you. |
| Artefact integrity | All release artifacts are signed. Checksums and SBOMs are published per release. |
| Vulnerability reporting | security@enprivacy.com — acknowledged within 3 business days |
| Security advisories | Link to be provided |
| Penetration testing | Annual; reports available on request under NDA |
| Certifications | See Compliance section |
Documentation
Section titled “Documentation”Security Practices
Section titled “Security Practices”- Supply Chain Security: How we secure our build pipeline, dependencies, and release artefacts
- Secure Development Lifecycle (SDL): Security controls embedded in our engineering process
- Infrastructure & Operational Security: Security of our internal build and distribution systems
Data & Privacy
Section titled “Data & Privacy”- Data Security & Privacy: What data the product processes, encryption, audit logging, and your controls as operator
Policies
Section titled “Policies”- Vulnerability Disclosure Policy: How to report a vulnerability and what to expect from us
Compliance
Section titled “Compliance”| Certification / framework | Status | Details |
|---|---|---|
| SOC 2 Type II | To be started in due course | We will be undertaking this certification in due course |
| ISO 27001 | To be started in due course | We will be undertaking this certification in due course |
| GDPR | Applicable | Data processor agreement available |
| PDPA | Applicable | In compliance (self-reported) |
| HIPAA | Not applicable | We are not currently undertaking this certification but may explore should it be required |
| PCI DSS | Not applicable | We are not currently undertaking this certification but may explore should it be required |
To request compliance reports or sign a data processor agreement, contact: compliance@enprivacy.com
Security Advisories
Section titled “Security Advisories”All known vulnerabilities in released versions of Enprivacy Invisiq are disclosed at:
{{Link to be provided}}
We recommend customers subscribe to advisory notifications to ensure timely awareness of any issues affecting their deployment. Notification options are described on the advisory page.
Contact
Section titled “Contact”We aim to respond to all security enquiries within 3 business days.
| Purpose | Contact |
|---|---|
| Vulnerability reports | security@enprivacy.com |
| Compliance and certifications | compliance@enprivacy.com |
| General security questions | security@enprivacy.com |