Security

Enjo Security 

Empower your employees with 24/7 autonomous IT support. Enjo's AI Agents seamlessly integrate with your existing systems to provide instant, personalized assistance and automate resolutions, boosting productivity and satisfaction.

Request demo
Start a free trial
Trusted by startups and established enterprises
Security

Security compliance certifications and regulations

At Enjo.AI, security is paramount. Rest easy knowing your data is protected with industry-leading security measures.

SOC

Troopr uses an independent third party to conduct a SOC 2 audit on its knowledge management system. This audit covers the SOC 2 Common Criteria and the Confidentiality and Privacy trust services criteria. We’re happy to share this report with clients or prospects with a signed non-disclosure agreement on file.

PCI Compliant

Troopr does not process PCI data, but uses a third party for payment purposes. Accordingly, Troopr conducts an annual Self Assessment Questionnaire (A-EP) and scans its public-facing connections monthly for security vulnerabilities.

GDPR Ready

Troopr takes the data handling of our EU customers seriously. We're ready to meet data subject requests wherever and whenever they happen and we abide by the European Commission’s standard contractual clauses.

EU - U.S. Privacy Shield

Troopr complies with the EU-U.S. & Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Dept of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the U.S. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Troopr at privacy@troopr.io.
1

Reliable AI for Enterprise, 24/7

With our proven 99.9% uptime over the past 5 years, you can be confident that you'll always get the help you need, instantly. Troopr reviews and updates its Business Impact Analysis (BIA) and Business Continuity Plan (BCP) on an annual basis. Enjo services are hosted in AWS and Azure infrastructure, both of which have established reliability standards. Talk to our security experts to learn more.

2

Safe, secure, and trustworthy AI

By default, Enjo sends requests to Azure Open AI for embedding and natural language responses. Enjo AI is optimized specifically for support use cases and for that Enjo prioritizes data security through content filtering, anonymization, robust encryption, minimal data collection, masking, and compliant retention and deletion. Your prompts, completions, embeddings, and training data remain private and are not shared with other customers, OpenAI, or used to improve any models or services beyond your own fine-tuned models in your Azure resource. The Azure OpenAI service is operated solely by Microsoft using OpenAI models hosted in Azure. Read more about Azure Open AI security and privacy here

We are here for you

Frequently asked questions

If you have further questions, simply request a demo from our team, and we'll respond promptly.
Request demo
Do you support SSO for application login?

Troopr integrates with Slack SSO solution to provide a seamless login experience. User authentication can take place without the need to manage yet another account/password combination.

Is customer data secure?

All communication between customer systems and Troopr takes place using high levels of encryption (TLS 1.2/HPPS). All stored data is encrypted at rest using AES256 encryption. This includes all types of data at rest within our systems - relational databases, file stores, database backups, etc. The encryption keys are generated and managed by AWS KMS and rotated once a year.

Where are your servers hosted?

Enjo servers are hosted in Amazon Web Services (AWS) data centers maintained by industry-leading service providers. Data center providers offer state-of-the-art physical protection for the servers and related infrastructure that comprise the operating environment. These service providers are responsible for restricting physical access to Enjo’s systems to authorized personnel. Our hosting environment maintains multiple certifications for its data centers, including ISO 27001 compliance, FedRAMP authorization, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and AWS Compliance website.

Can administrators restrict access to Enjo services?

Enjo administrators can set user roles according to the principle of least privilege. Users only see what they need in order to perform their jobs.

How do you ensure no other client sees my data?

Customer data is stored in multi-tenant datastores and assigned a unique tenant token, which prevents one customer from accessing another customer's data.

How do you ensure no unauthorized Troopr employees see my data?

Production access is limited to a small group, and is granted through explicit signed permission. An account review is done quarterly and documented accordingly. Further Troopr's personnel (employees and independent contractors) who have direct access to Troopr's internal information systems are required to understand and follow internal policies and standards. Before gaining initial access to systems, they must agree to confidentiality terms, pass a background screening, and attend security training. This training covers privacy and security topics, including device security, acceptable use, preventing malware, physical security, data privacy, account management, and incident reporting. Upon termination of work at Troopr, all access to Troopr systems is removed immediately.

Do third parties have access to my data?

In addition to AWS, Enjo uses some third parties to perform certain components of its operations. Only vendors who have successfully demonstrated sufficient security capabilities and commitments are authorized to support the Troopr system.

How do you assess third parties before and during their service?

Any vendor with the potential to access sensitive client data is required to provide an external audit or, at a minimum, submit to a risk interview and demonstrate best security practices. These artifacts are refreshed annually to ensure no lapse in oversight. Moreover, each vendor is required to sign a Data Processing Agreement and contractually commit to data security practices.

Do you scan your network and your application for vulnerabilities?

Troopr scans Enjo systems regularly to identify common vulnerabilities. Servers are patched automatically on a regular schedule, with critical and high severity patches applied with the highest priority. Additionally, Enjo leverages a built-in application security management platform (Sqreen) that uses in-app security signals to detect and block attacks. Sqreen protects Troopr application by preventing data breaches, stopping account takeovers and blocking business logic attacks.

Is your application penetration tested?

Troopr partners with external penetration testing vendors to conduct annual tests. Medium and higher severity findings are remediated, with reports available upon request and under NDA.

What is your data backup and recovery system?

Troopr runs backups for Enjo daily, encrypted in transit and at rest, with regular tests. Backups reside "off-site" from our offices, on Amazon S3 servers that store files on multiple devices. Troopr reviews and updates its Business Impact Analysis (BIA) and Business Continuity Plan (BCP) on an annual basis. Our team has developed a process to provide well-defined Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Reports are available upon request and under NDA.

Do you have an incident response program?

Troopr maintains ongoing documentation and verification of its incident response policy and procedures rehearsing potential incidents twice annually. Though highly unlikely, any data breach would be communicated to a client’s Troopr administrator within 24 hours of confirmation.

Do you perform security reviews during development?

Security is baked into the coding process, and OWASP 10 risk classification is performed to validate new code prior to deployment. All code is stored in a version-controlled repository with changes subject to peer review and continuous integration testing. Also, Enjo developers undergo specialized security training to address common vulnerabilities such as Cross Site Scripting and SQL injection.

How do I know your security program is working?

Troopr hires an independent audit firm to conduct an annual SOC 2, Type II audit, which includes not only the Common Criteria, but the Confidentiality and Privacy trust services criteria too. Further Troopr conducts quarterly internal audits. Our InfoSec program follows a process of careful planning. Roles and responsibilities related to customer data protection and verification are well-defined and documented.

Do you have a bug bounty program?

Troopr has an active bug bounty program and we partner with ethical hackers to find and resolve issues in our software. Submissions to our bug bounty program are evaluated and remediated based on severity. Report a vulnerability to security@troopr.io.For any questions or additional information, please reach out to our security team at security@troopr.io

Quick action

Accelerate support with Generative AI

Book a demo with one of our Enjo experts

Start a free trial
Request demo
Product
AI SearchAI TicketingAI ActionsAI InsightsAgent Assist
Solutions
IT SupportHR SupportCustomer Service
Company
AboutTermsPrivacy PolicySecurityGDPRSLA
Resources
BlogWhitepaperChangelogDocumentationEnterprise
horizontal-da…ne-vector
© 2024 Troopr Labs Inc. All Rights Reserved