Last updated March 21, 2026
Security Measures
Enclave implements the following technical and organizational measures to protect the security, confidentiality, and integrity of Customer Personal Data.
Encryption
- All data in transit is encrypted using TLS 1.2 or higher.
- All data at rest is encrypted using AES-256 or equivalent.
- Encryption keys are managed through a dedicated secrets management service with automatic rotation.
Access Control
- Least-privilege access policies applied to all internal systems and personnel.
- Access to production systems is restricted to authorized personnel and subject to audit logging.
Infrastructure
- Services are hosted on major cloud infrastructure within isolated virtual private clouds.
- Network segmentation and firewall rules limit traffic between services.
- Container workloads run in hardened, isolated configurations.
- Infrastructure is provisioned and managed as code, with changes subject to review.
Code Execution Isolation
- Customer code submitted for analysis is processed in sandboxed environments.
- Sandboxed environments are ephemeral and destroyed after each execution.
- No customer code is persisted beyond the duration of the analysis session unless explicitly configured.
AI Provider Data Handling
- Inputs sent to third-party AI providers are transmitted over encrypted connections.
- Enclave selects AI providers that do not use customer inputs for model training. See AI Provider Terms for details.
- Users are responsible for ensuring that code submitted for analysis does not contain live credentials or secrets.
Monitoring & Incident Response
- Automated error tracking and alerting.
- Security incidents are investigated and affected customers notified in accordance with the Data Processing Agreement.
Organizational Measures
- Employees with access to Customer Personal Data are subject to confidentiality obligations.
- Security awareness training is provided to all personnel.
- Vendor and subprocessor agreements require data protection obligations substantially equivalent to Enclave’s own. See the Subprocessors list.