EnvisionTech.ai Security and Compliance Statement
At EnvisionTech.ai, our foremost security priority is to protect our customers’ data. We are committed to building trust by investing in robust corporate, product, and infrastructure security programs. These programs are guided and overseen by other departments to ensure customer safety and service integrity.
SECURITY AND COMPLIANCE OBJECTIVES
EnvisionTech.ai has designed its security framework in line with SaaS industry best practices. Our key objectives are:
Customer Trust and Data Protection: Provide superior services while safeguarding customer data privacy and confidentiality.
Service Availability and Continuity: Ensure high availability and minimize risks of service disruptions.
Information Integrity: Maintain the accuracy and reliability of customer data.
Compliance: Adhere to or exceed recognized industry standards.
SECURITY CONTROLS OVERVIEW
To ensure the security of entrusted data, EnvisionTech.ai employs comprehensive administrative, technical, and physical controls across the organization.
INFRASTRUCTURE SECURITY
CLOUD HOSTING
EnvisionTech.ai does not operate on-premise product infrastructure. Instead, we utilize reputable cloud providers like Google Cloud Platform and Amazon Web Services (AWS). Our infrastructure is hosted in the U.S., relying on these providers’ independently audited security and compliance programs.
Google Cloud guarantees ≥99.5% uptime and publishes details via its Compliance Resource Center.
AWS offers up to 100% service reliability, and its disaster recovery protocols meet SOC 2 Type 2 and ISO 27001 certifications (AWS Compliance).
NETWORK SECURITY
EnvisionTech.ai enforces stringent perimeter protections through firewalls, logical isolation, and access control lists. All firewall rules undergo regular review and modification control.
CONFIGURATION MANAGEMENT
Our infrastructure is highly automated. Containers are provisioned from secure, baseline configurations that self-correct within 30 minutes if deviations occur. Patches are applied via automation or by cycling non-compliant instances.
LOGGING, MONITORING & ALERTING
All events within the EnvisionTech.ai application are logged and centrally stored. Logs are tightly controlled and retained in accordance with policy. Anomalous behavior triggers automatic alerts and may initiate mitigation processes such as throttling or session termination.
APPLICATION SECURITY
WEB APP DEFENSE
All hosted content is protected against DDoS and other application-level threats. We follow OWASP Top 10 recommendations and monitor behavior-based anomalies.
DEVELOPMENT PIPELINE
Using a continuous delivery model, our development lifecycle includes rigorous code review, automated testing, static code analysis, and dynamic security testing. Deployments are version-controlled with rollback capabilities and segmented environments for staging and production.
VULNERABILITY MANAGEMENT
DATA CLASSIFICATION
Our platform should not be used to collect or store sensitive data like Social Security numbers, health records, or payment details (see Terms of Service).
TENANT SEPARATION
Our multi-tenant architecture uses unique identifiers to isolate customer data, reinforced by continuous validation and audit logging.
ENCRYPTION
In Transit: TLS 1.2 or 1.3 with 2048-bit encryption.
At Rest: AES-256 standard.
Passwords: Hashed and encrypted.
KEY MANAGEMENT
Encryption keys are managed securely via our KMS, and TLS keys are handled by our CDN partner. Key rotation occurs regularly based on data sensitivity.
BACKUP & DISASTER RECOVERY
System Backups: Retained for 7 days, monitored for execution success.
Storage: Data is backed up daily to the local region; no physical media is used.
Restoration: Some customer data can be recovered directly. Other recovery processes are managed by EnvisionTech.ai engineers.
IDENTITY AND ACCESS MANAGEMENT
USER CONTROLS
Portal admins have granular access controls and can enforce two-factor authentication (2FA).
EMPLOYEE ACCESS
Access is role-based, minimal, and restricted. SSH access requires bastion host routing and authentication via IAM roles. Access reviews occur biannually.
CORPORATE SECURITY & COMPLIANCE
HIRING & ONBOARDING
All employees undergo third-party background checks. They also agree to our Code of Conduct and Employee Handbook.
POLICY MANAGEMENT
We maintain a comprehensive Written Information Security Policy (WISP), reviewed annually.
SECURITY AWARENESS
Cybersecurity training is mandatory for all employees, including phishing awareness modules.
VENDOR MANAGEMENT
We assess third-party service providers for adequate security and privacy controls.
SECTION 6 - ACCURACY OF BILLING AND ACCOUNT INFORMATION
We reserve the right to refuse any order you place with us. We may, in our sole discretion, limit or cancel quantities purchased per person, per household, or per order. These restrictions may include orders placed by or under the same customer account, the same credit card, and/or orders that use the same billing and/or shipping address. In the event that we make a change to or cancel an order, we may attempt to notify you by contacting the e-mail and/or billing address/phone number provided at the time the order was made. We reserve the right to limit or prohibit orders that, in our sole judgment, appear to be placed by dealers, resellers, or distributors.
You agree to provide current, complete, and accurate purchase and account information for all purchases made at our store. You agree to promptly update your account and other information, including your email address and credit card numbers, and expiration dates so that we can complete your transactions and contact you as needed.
For more detail, please review our Returns Policy.
ENDPOINT PROTECTION
All company devices are encrypted and centrally managed through Mobile Device Management (MDM).
COMPLIANCE & PRIVACY
EnvisionTech.ai does not sell customer data.
We process data under strict privacy rules, using PCI-compliant payment providers.
Data is retained while accounts remain active. Deletion requests are honored per privacy laws.
Breach notifications are issued as required by applicable regulations.
PRIVACY PROGRAM OVERSIGHT
Our Legal Team, working with engineering and product departments, ensures regulatory compliance and privacy-by-design across systems. For more information, visit our Privacy Policy or email us at [email protected].
