Security & Privacy
Your enterprise's security, safety, and privacy is our top priority and we built Enzzo accordingly
Security Infrastructure
Enzzo's infrastructure is designed with layers of protection to ensure your data is secure while transmitted, stored, or processed. Data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We implement role-based access control (RBAC), and least-privilege access policies. All privileged actions are logged and monitored for security and compliance. Our infrastructure is hosted on AWS and Supabase (SOC 2 Type 2 compliant) with data stored in the United States. Each customer's data is logically isolated within our database using unique tenant identifiers with row-level security policies.
AI Model & Prompt Security
Enzzo enforces strict tenant isolation at the application, storage, and AI request layers—ensuring no customer can access another customer's AI data. We use input sanitization, system-level prompt isolation, and parameterized database queries (via Supabase) to prevent injection attacks. AI responses are constrained to authorized context only, with retrieval systems that enforce access control checks and output filtering.
Operational Security
Our development team actively monitors Enzzo during business hours, with an on-call rotation standing by for critical issues. We implement secure authentication (OAuth, Google Workspace SSO), rate limiting, abuse detection, and continuous alerting to protect against unauthorized access. Annual third-party penetration testing validates our security controls.
AI Providers
Enzzo uses developer APIs exclusively from OpenAI and Anthropic for AI-powered features. Neither provider trains their models on data shared by Enzzo. Customer data sent to AI providers is processed in real-time and not retained for model training purposes.
Data Governance
Enzzo's commitment to data governance ensures your data remains secure, private, accurate, and accessible throughout its lifecycle. Customers can delete their data via the product or by request by sending an email to privacy@enzzo.ai. Deleted data is retained for recovery purposes, then permanently removed from production systems according to our retention policies.
Data Types Stored
When customers use Enzzo, we store: account and user information (name, email, role, hashed authentication credentials), user chat messages, and user-uploaded content.
Transparency & Logging
Enzzo logs AI interactions to ensure security and reliability. Logs do not contain any personally identifiable information (PII) or sensitive data, and are retained only as long as necessary. We are committed to transparency about how data flows through our systems and the limitations of our AI capabilities.
Sub-Processors
Find an up-to-date list of our Sub-processors here.
Transparency
At Enzzo, we provide visibility into the data sources used, AI limitations, and confidence signals where applicable. Enzzo uses OpenAI and Anthropic exclusively via developer APIs that do not train on customer data.
Data Ownership
Your data is yours. Enzzo does not use customer data to train foundation models. The controls and permissions with respect to access and use of customer data are strictly respected.
Responsible AI
Enzzo is committed to responsible AI practices. We actively address bias and misuse through ongoing monitoring, guardrails, and human oversight where needed. For Enterprise customers, AI features can be customized to meet your organization's specific compliance and governance requirements.
Empowering
Enzzo's context engineering approach allows the AI to leverage your authorized data to deliver relevant, high-quality outputs without training models on your information. This ensures personalized results while maintaining data privacy.
Get Started with Enzzo
Contact Sales