Security @ elvex
Updated over 2 months ago

elvex enables organizations to solve complex problems using AI. A key part of delivering on that solution is giving organizations the ability to connect their data and tools to elvex. We take the responsibility to handle your data very seriously. This page is meant to provide an overview of our approach to security. If you have additional questions, please reach out via [email protected].

If you're looking at this page, you're also likely interested in reviewing our Privacy Policy as well as Terms of Use.

If you are reporting a security concern or vulnerability, please reach out via [email protected].

We have a formal information security program

We have a comprehensive information security program at elvex which is reviewed frequently and covers:

  • Risk Governance: Formal plan approved by management, with regular policy reviews.

  • Access Control: Unique IDs, strong password policies, and multi-factor authentication.

  • Incident Response: 24/7 reporting channel ([email protected]), annual plan testing, and defined escalation procedures.

  • Data Protection: Encryption in transit and at rest, least-privilege access, and access logging.

  • Third-Party Management: Comprehensive program with ongoing monitoring and extended contractual obligations.

  • Compliance: Internal audits, ethics program, and mechanisms for privacy inquiries and disputes.

  • Security Awareness: Regular training and policy acknowledgment for all employees and contractors.

  • Continuous Improvement: Annual standard reviews and active vulnerability management.

  • Mobile Security: Mobile Device Management solution enforcing security requirements on end-user devices.

We comply with relevant security frameworks

We are compliant with security frameworks like System and Organization Controls (SOC) 2, which provide a high bar that we seek to exceed in our approach to handling your information.

We host in world-class facilities

elvex runs on DigitalOcean servers hosted in the USA. DigitalOcean also takes security seriously and you can read more about their approach here.

We follow best practices

  • Mature Software Development Lifecycle Process. We follow a mature software development lifecycle approach where all code is manually reviewed by engineers with security training.

  • Continuous Integration and Deployment. We employ automated continuous integration and delivery processes where code deployed to production must pass existing unit/integration/security tests. This applies to both our application code and our infrastructure, which is also managed and deployed as code.

  • Encryption. Data sent to elvex servers is encrypted both in transit and at rest, and that applies all the way down to backups.

  • Independent Penetration Testing. We perform comprehensive "grey-box" penetration tests once a year with industry-leading auditors.

  • Two-factor Authentication. We use two-factor authentication whenever possible. We ask vendors to enforce two-factor authentication in all our accounts. We discourage the use of shared accounts on any system; when we have no choice, we use a secure password manager to share logins. We regularly review which accounts can access our systems and the permissions they have.

We provide security features to allow you to manage your data

elvex offers role-based access controls and granular resource-based roles for things like Apps and Datasources to put your team in control of what data is shared and with whom.

We do not store payment details

elvex does not store or process payments.
