Goodbye from epiphany! Learn more.

Security

Our goal is to provide a secure environment, while also keeping our application’s performance at the highest quality to provide you with best overall user experience.

Product SecurityInfrastructure and Network SecurityData SecurityPrivacy and Consent

1. Product Security

1.1 Passwords

Epiphany uses Auth0 for authentication to facilitate industry-leading techniques for password management, encryption, storage, complexity, and reset.

  • Storage and encryption - Passwords are always hashed and salted using bcrypt. Additionally, data encryption is offered at rest and in transit by using TLS with at least 128-bit AES encryption.
  • Complexity standard -  Epiphany enforces a strong password complexity standard and require user passwords to have at least 8 characters including at least 3 of the following 4 types of characters: a lower-case letter, an upper-case letter, a number, a special character (such as !@#$%^&*).
  • Secure reset - In the event that a user forgets their password, a user can request their password be reset via a link that is sent to the user's verified email address. This link expires within a limited amount of time if not used.
  • Failed login attempts - Epiphany prevents brute force attacks (for password based authentication) by locking the targeted user account after 10 failed attempts. A notification email is sent to the user that includes a link that can be used to unlock the account.
  • Breached-Password Detection - If we suspect that a user's email has been compromised in a security breach, our system will trigger a protective shield, notify the user, and block them from logging in until they reset their information.

1.2 User Roles 

Epiphany includes three user role levels to help you manage permissions and access throughout your team.

  • Admins – can manage users and billing
  • Members – can create, edit, and update projects and data
  • Guests – can view projects and data

1.3 Project Access Control

Individual projects in Epiphany can be configured to restrict access to specific users. Enforce your organization's data classification policy by leveraging project access control to restrict data visibility to a subset of users within your organization.

2. Infrastructure and Network Security

2.1 Infrastructure

Epiphany utilizes industry-standard cloud infrastructure vendors to provide the its service. Epiphany’s infrastructure is managed through Amazon Web Services. The Epiphany web application is hosted in the servers are located in Oregon (US) on Amazon Web Services.

Amazon Web Services has been granted formal certification, attestation, and audit reports for ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and more – the full list of compliance resources is available on the Amazon Web Services Security page.

2.2 Access controls

All Epiphany employees have limited access to Epiphany infrastructure and systems and access is always provisioned on a minimum-necessary, least-privilege, basis. Access is only granted on a need-to-use basis, based on the responsibilities and duties of the employee.

2.3 Logging and monitoring

Epiphany utilizes Sentry for application logging and monitoring to help diagnose and fix issues within the Epiphany web application. Application error logs are stored in Sentry for 30 days and are used to help investigate issues raised from automatic alarms raised via Sentry.

3. Data Security

3.1 Data encryption

Epiphany utilizes industry-standard practices concerning the encryption of data when stored and while in transmission.

  • Encryption at rest - All data, including backups, is encrypted at-rest using AES-256 encryption.
  • Encryption in transit - Data is encrypted while moving between us and the browser with Transport Level Security (TLS) 1.2.
  • Secure Sockets Layer - Secure Sockets Layer (SSL) certificates are issued and managed through Amazon Web Services, and HTTP Strict Transport Security (HSTS) is enabled. We score an A+ rating on Qualys SSL Labs tests.
  • Key Management - Amazon Web Services (AWS) stores and manages data cryptography keys in its redundant and globally distributed Key Management Service (KMS). AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys.

3.2 Data retention

  • Deleting Data - Users can delete projects and project data within Epiphany if they have the correct access rights. It can take up to 60 days for all data to be removed from backups.
  • Subscription cancellation - Following the cancellation of an Epiphany subscription, you will have at least 30 days to download your customer data from Epiphany. After this period, we have no obligation to maintain or provide any customer data to you. We may delete all data provided to us after this period.

3.3 Backups

  • Database backups All data is backed up utilizing Amazon Web Services (AWS) backup solution. Data is automatically backed up daily, and backups and stored for 30 days. All backups are encrypted at rest.
  • File storage - All files are stored utilizing Amazon Simple Storage Service (S3) are backed up daily. All S3 backups are stored for 30 days. S3 backups are encrypted at rest.

4. Privacy and Consent

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information.

In our Privacy Policy, we share what information we collect, how we use and store that data, and how you can access and control your information.

©2021 Epiphany. All rights reserved.

features
Customer Panel
Insight Management
Opportunity Backlog
Product Discovery
Product
PricingBlogSupportWhat's new?
Company
About UsJobsContact
legal
SecurityGDPR CompliancePrivacy PolicyTerms and Conditions