Skip to content
Eranis
Login Start Free Trial
English Français

Security

Last Updated: January 1, 2025

At Eranis, security is foundational to everything we build. We understand that you trust us with sensitive employee data, and we take that responsibility seriously. This page outlines our approach to security, the measures we implement, and our commitment to protecting your information.

Our Security Philosophy

We believe security is not a feature but a fundamental requirement. Our approach is built on three principles:

  1. Defense in Depth: Multiple layers of security controls protect your data at every level.
  2. Least Privilege: Access is restricted to only what is necessary for each role and function.
  3. Continuous Improvement: We constantly evaluate and enhance our security posture.

Data Protection

Encryption

In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all connections and implement HTTP Strict Transport Security (HSTS).

At Rest: Customer data stored in our databases and file storage is encrypted using AES-256 encryption. Encryption keys are managed through secure key management systems with regular rotation.

Tenant Isolation

Eranis is a multi-tenant platform, but your data is never mixed with other customers' data. We implement Row-Level Security (RLS) at the database level, ensuring that:

  • Each query is automatically filtered to only return data belonging to your organization
  • Database-level policies enforce isolation regardless of application logic
  • Even in the event of an application vulnerability, cross-tenant data access is prevented

Data Backups

  • Frequency: Automated backups occur daily with point-in-time recovery capability
  • Retention: Backups are retained for 30 days
  • Encryption: All backups are encrypted at rest
  • Geographic Redundancy: Backups are stored in geographically separate locations
  • Testing: Backup restoration is tested regularly to ensure data recoverability

Infrastructure Security

Cloud Infrastructure

Eranis is hosted on industry-leading cloud infrastructure providers that maintain:

  • SOC 2 Type II certification
  • ISO 27001 certification
  • Physical security controls (biometric access, 24/7 surveillance, security personnel)
  • Geographic redundancy and disaster recovery capabilities

Network Security

  • Firewalls: Web Application Firewall (WAF) protects against common attacks (SQL injection, XSS, etc.)
  • DDoS Protection: Distributed denial-of-service mitigation at the network edge
  • Network Segmentation: Production systems are isolated from development and corporate networks
  • Intrusion Detection: Continuous monitoring for suspicious activity

Server Security

  • Operating systems are hardened according to security benchmarks
  • Security patches are applied promptly following our patch management policy
  • Unnecessary services and ports are disabled
  • Access is restricted to authorized personnel via secure channels

Application Security

Secure Development

  • Security by Design: Security requirements are incorporated from the beginning of development
  • Code Review: All code changes undergo peer review with security considerations
  • Dependency Management: Third-party libraries are monitored for vulnerabilities and updated promptly
  • Static Analysis: Automated security scanning identifies potential vulnerabilities before deployment

Authentication & Access Control

  • Strong Password Requirements: Minimum complexity and length requirements enforced
  • Multi-Factor Authentication (MFA): Available for all accounts, required for administrative access
  • Session Management: Secure session handling with automatic timeouts
  • Role-Based Access Control (RBAC): Granular permissions ensure users only access what they need
  • Single Sign-On (SSO): Enterprise SSO integration available for centralized authentication

Input Validation

All user input is validated and sanitized to prevent:

  • SQL injection attacks
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Command injection
  • Path traversal attacks

Operational Security

Access Management

  • Principle of Least Privilege: Employees only have access to systems necessary for their role
  • Background Checks: All employees undergo background verification
  • Security Training: Regular security awareness training for all staff
  • Access Reviews: Periodic reviews ensure access remains appropriate
  • Offboarding: Access is revoked immediately upon employment termination

Monitoring & Logging

  • Comprehensive Logging: Security-relevant events are logged for audit and analysis
  • Log Protection: Logs are stored securely and protected from tampering
  • Real-Time Monitoring: Automated systems monitor for security anomalies
  • Alerting: Security teams are notified of potential incidents 24/7

Incident Response

We maintain a documented incident response plan that includes:

  1. Detection: Identifying potential security incidents
  2. Containment: Limiting the scope and impact
  3. Eradication: Removing the threat
  4. Recovery: Restoring normal operations
  5. Lessons Learned: Improving based on incident analysis

Breach Notification: In the event of a data breach affecting your information, we will notify you within 72 hours as required by applicable law, providing details about the incident and steps being taken.

Compliance

Data Protection Regulations

Eranis is designed to help you comply with data protection regulations:

  • GDPR: We provide data processing agreements, support data subject rights, and maintain appropriate technical and organizational measures
  • CCPA: We support California residents' rights and do not sell personal information
  • Data Localization: Contact us about data residency requirements for your region

Industry Standards

We align our practices with recognized security frameworks:

  • SOC 2: We are working toward SOC 2 Type II certification
  • OWASP: Development follows OWASP secure coding guidelines
  • CIS Controls: Infrastructure is configured according to CIS benchmarks

Vulnerability Management

Security Testing

  • Penetration Testing: Annual third-party penetration tests assess our defenses
  • Vulnerability Scanning: Regular automated scans identify potential weaknesses
  • Bug Bounty: We welcome responsible disclosure from security researchers

Responsible Disclosure

If you discover a security vulnerability in our Service, please report it responsibly:

Email: security@eranis.com

Guidelines:

  • Provide detailed information to help us reproduce the issue
  • Allow reasonable time for us to address the vulnerability before disclosure
  • Do not access, modify, or delete other users' data
  • Do not disrupt our services or degrade user experience

We commit to:

  • Acknowledging receipt of your report within 48 hours
  • Providing regular updates on our progress
  • Not pursuing legal action against researchers who follow these guidelines
  • Recognizing your contribution (with your permission)

Business Continuity

Disaster Recovery

  • Recovery Point Objective (RPO): Maximum 24 hours of data loss
  • Recovery Time Objective (RTO): Service restoration within 4 hours
  • Failover: Automated failover to backup systems
  • Regular Testing: DR procedures are tested at least annually

High Availability

  • Multiple availability zones for redundancy
  • Load balancing distributes traffic across servers
  • Auto-scaling handles traffic spikes
  • Health monitoring with automatic instance replacement

Your Role in Security

Security is a shared responsibility. We recommend:

For Administrators

  • Enable MFA for all users, especially administrators
  • Configure appropriate role-based permissions
  • Review user access regularly and remove inactive accounts
  • Use strong, unique passwords
  • Monitor audit logs for suspicious activity

For All Users

  • Use strong, unique passwords (or a password manager)
  • Enable multi-factor authentication
  • Be cautious of phishing attempts
  • Report suspicious activity to your administrator
  • Keep your devices and browsers updated

Security Updates

We continuously improve our security posture. Material updates to this page will be noted here:

Date Update
January 1, 2025 Initial publication

Contact Us

For security-related inquiries:

Security Team: security@eranis.com

For general questions about our security practices, please contact:

Eranis LLC Email: support@eranis.com

Eranis is committed to maintaining the trust you place in us. If you have questions or concerns about our security practices, please don't hesitate to reach out.

← Back to Home