Security
At Epi, security is at the heart of everything we do.

We take a holistic approach to security, considering customer security at every point in our business. We take security seriously, just as we do trust and privacy.

Our infrastructure and your data are protected by a system of layers and failsafes, in policy and technical controls.

Customer isolation

We secure data in customer-specific containers, and where required, in dedicated customer environments, to keep customer data separate and isolated.

Customer-key and end-to-end encryption

We protect application data with strong cryptographic techniques. Information is secured with keys specific to the customer, and where possible, with customer end-to-end encryption. We use best-in-class AES-256-GCM encryption, PBKDF2 key derivation, and high-strength RSA public-key encryption.

Epi-key encryption

We additionally secure Epi data with keys that we manage to protect data at rest on our servers with server-side encryption, rather than solely relying on cloud provider encryption.

Infrastructure security

We use infrastructure providers that provide strong security-of-the-cloud operations, like Amazon Web Services. We follow best cloud practices and industry-standard principles in our deployment to provide strong security-in-the-cloud operations.

Transport encryption

All data is further protected by another layer of industry-standard security in transit with HTTPS encryption.

Secure code principles

We employ secure code principles in all our development. We design, write and review code for its security and privacy implications. We use modern, open source libraries and industry-proven solutions. We evaluate and monitor supply chain dependencies for their actions. We deploy in secure environments and utilise tools like Content Security Policy (CSP) to protect clients and client data.

Principle of least privilege

We believe in the principle of minimal access. Our staff only have access to what they need, for when they need it, and no more. Our identity and access management (IAM) infrastructure policies enforce this principle. Senior engineers, the CTO and the CEO are even limited in their capabilities in our cloud platform.

Provider security

We evaluate prospective providers and select those with a reputation for privacy and security of customer data. We use strong authentication with all providers, including multi-factor authentication. We do not use third-party analytics or external telemetry providers to limit third-party tracking originating from your queries and data.

Talk to us
We'll get in touch.
This information is used to contact you and subscribe to our mailing list. Your details are processed according to our Privacy Policy.