Security Policy
How we design, build, and operate Enki App with security as a first principle — not an afterthought.
Last reviewed: April 2026
AES-256
Data at rest encrypted with AES-256, the same standard used by financial institutions and government agencies.
TLS 1.3
All data in transit is protected by TLS 1.3. Older protocols are disabled. Mobile clients use certificate pinning.
Regular Audits
We conduct regular penetration tests and third-party security audits. Findings are addressed within defined SLAs.
Encryption Standards
Vault contents are encrypted client-side using AES-256-GCM before being transmitted to our servers. We use SHA-256 for hashing and RSA-4096 for key exchange. EnkiLabs employees cannot access the contents of your vault under any circumstances.
Infrastructure Security
- Servers hosted in SOC 2 Type II certified data centres in Canada.
- Network segmentation separates vault data from operational systems.
- Multi-factor authentication required for all internal system access.
- Automated intrusion detection and anomaly monitoring 24/7.
- All access to production systems is logged, audited, and time-limited.
Vulnerability Disclosure
We support responsible disclosure. If you have discovered a security vulnerability in our systems, please contact security@enkilabstech.com with a description of the issue. We commit to acknowledging reports within 24 hours, keeping you informed of our progress, and not taking legal action against researchers who follow responsible disclosure practices.
Incident Response
In the event of a confirmed security incident affecting personal data, we will notify affected users within 72 hours as required by GDPR, and within the timeframe required by applicable law. We will provide a clear account of what happened, what data was involved, and what steps we are taking.
Contact
Security enquiries: security@enkilabstech.com
General privacy: privacy@enkilabstech.com