Security Details

Ensuring Your Security: Our Utmost Concern

In today's business landscape, safeguarding data is not just important—it's imperative. At Emissary, we place an unwavering emphasis on fortifying your data's safety and security. We are dedicated to employing every available precaution to guarantee the utmost protection for your valuable information.

Verified SOC2 Type II Compliance

Emissary has successfully achieved SOC2 Type II certification.

Our attainment of the SOC2 Type II audit underscores our strict adherence to the SOC 2 standards established by the American Institute of Certified Public Accountants ("AICPA"). The unblemished Type II report we've obtained affirms our dedicated efforts in ensuring the meticulous management, protection, and security of our customers' meeting data.

In our unwavering commitment to upholding the highest levels of data security, we are committed to an ongoing review of our data collection, management, and security practices. This commitment extends to the regular acquisition of SOC 2 Type II reports. If you are a valued customer and require access to a copy of the report, please don't hesitate to contact us. Your data security remains Emissary's paramount concern.

Single Sign-On

Grant your team the freedom to leverage Emissary's capabilities while maintaining stringent security protocols. For our Enterprise customers who have implemented Single Sign-On (SSO) for their business, we offer the option to mandate user logins to Emissary through their SSO credentials.

By enabling SSO within your workspace, you gain enhanced administrative oversight and introduce an additional safeguard to fortify the security of your meeting data. Your organization's data integrity remains our top priority as we continue to provide you with seamless and secure collaboration tools.

Data Center Security

At Emissary, our software infrastructure finds its home within Amazon Web Services (AWS) facilities situated in the United States. Amazon stands as a bastion of compliance and regulatory commitments, encompassing SOC 1-3 and ISO 27001 among its assurances. For more comprehensive insights, we invite you to delve into Amazon's comprehensive compliance and security documentation.

Furthermore, all of Emissary's core application servers, a full 100 percent, reside within our proprietary virtual private cloud (VPC). This enclave is fortified by meticulously curated security groups, which meticulously regulate and restrict communication to the bare essentials, both to and between these servers. This stringent approach ensures the utmost level of security while sustaining the seamless functionality of our services.

Ensuring Application Security

The very foundation of our web application architecture and implementation rests on Elixir/Erlang, elegantly harnessed by the Phoenix framework. This formidable framework is meticulously aligned with the guidelines prescribed by OWASP, further amplifying the security posture of our web applications.

To fortify our commitment to safeguarding your data, Emissary undertakes rigorous application penetration testing. This annual assessment, conducted by a trusted third-party, complements our ongoing internal testing and review initiatives. Should you wish to delve into the specifics, we encourage you to peruse our latest letter of engagement, which encapsulates the comprehensive scope of these security endeavors.

Data Security

We take the security of your data very seriously. All connections to Emissary are encrypted using SSL, and any attempt to connect over HTTP is redirected to HTTPS. We maintain an A+ grade for Qualys/SSL Labs, which is the highest possible rating.

All customer data (including call recordings and transcripts) is encrypted at rest and in transit. We use industry-standard encryption methods and rely on AWS infrastructure to securely maintain our cryptographic encryption keys.

Our data storage systems are also industry-standard and meet the highest security standards. We use AWS-managed PostgreSQL RDS and Elastic Search, which are both highly secure and reliable.

We have a team of dedicated security professionals who are constantly monitoring our systems for threats. We also have a robust incident response plan in place to ensure that any security incidents are handled quickly and effectively.

We are committed to protecting your data and we will always strive to keep your information safe.

Here are some additional details that you can add to the data security section:

• You can mention the specific security measures that you use, such as firewalls, intrusion detection systems, and data loss prevention (DLP) tools.
• You can also talk about your security policies and procedures, such as how you manage user access and how you handle security incidents.
• If you are certified by any security standards, such as ISO 27001 or SOC 2, you can mention that as well.
  
  

By providing more details about your data security measures, you can help to build trust with your customers and partners.

Security and Development Protocols

Every facet of our new product functionality is meticulously assessed for potential security implications. To ensure the integrity of our codebase, Emissary enforces compulsory code reviews for every alteration introduced. The process adheres to a standardized protocol, meticulously executed through separate development and testing environments, distinct from the production environment.

Guided by best practices, our infrastructure is meticulously constructed and deployed via Terraform. Prior to implementation, all modifications undergo rigorous evaluation, guaranteeing the solidity of our operational setup.

Our Commitment to Vulnerability Disclosure

At Emissary, we hold the principles of privacy and security at the very core of our platform. Upholding your trust remains our utmost priority, compelling us to maintain the highest standards in these domains. Should you encounter a security or privacy concern that warrants our attention, we invite you to engage with us. Your vigilance contributes to our collective commitment to excellence.

We have a policy of responding to security reports within 24 hours.