Security
Security is not a feature we add on. It is the foundation everything is built on.
Sensitive financial data, including deal amounts, expense records, and customer financial information, is encrypted at the field level using AES-256 with per-tenant key management through AWS KMS.
All data is stored exclusively on infrastructure located in Canada. We do not transfer or replicate data to servers outside of Canadian borders, ensuring compliance with PIPEDA and provincial privacy legislation.
Every user account operates under a granular RBAC system. Permissions are enforced at the API level, ensuring users can only access data and actions appropriate to their role within the dealership.
All data transmitted between your browser and our servers is encrypted using TLS 1.3. API traffic, webhook payloads, and email relay connections are all secured with modern cipher suites.
User authentication is handled through Supabase Auth with secure session tokens, automatic expiry, and support for multi-factor authentication. Sessions are invalidated on password change.
Our platform runs on Vercel's edge network and Supabase's managed PostgreSQL infrastructure. Both providers maintain SOC 2 Type II compliance, automated backups, and DDoS protection.
PIPEDA
Full compliance with Canada's Personal Information Protection and Electronic Documents Act.
SOC 2 Type II
Infrastructure providers maintain SOC 2 Type II certification for security, availability, and confidentiality.
AES-256 / TLS 1.3
Industry-standard encryption for data at rest and in transit across all platform components.
If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our platform and our customers safe.
security@enscalesystems.com