Security Overview
At Envolt, security is a core pillar of our platform. We take multiple technical and organizational measures to protect your data and secrets.
1. Data Encryption
- At Rest: All secrets and environment variables are encrypted using AES-GCM before storage.
- In Transit: All communications are encrypted via HTTPS/TLS 1.2+.
2. Authentication
Envolt uses Firebase Authentication to ensure secure, token-based user access. We never store plain-text passwords.
3. Access Control
Secrets are only accessible to authorized users within a vault. Each vault is isolated by user permission and ID.
4. Third-Party Security
- Google Cloud / Firebase: SOC 2, ISO/IEC 27001 certified infrastructure.
- Stripe: PCI-DSS Level 1 compliant for secure payment processing.
5. Incident Response
We monitor platform activity and have procedures to respond to potential incidents, including notification, containment, and recovery.
6. Reporting Vulnerabilities
Found a bug or security issue? Please contact security@envolt.org. We reward responsible disclosures.