--- canonical: https://enum.co/security locale: en --- **Security by Design** # Security Security is not a feature. It's our architecture. Security by Design, not retrofitted. ### Infrastructure Security - **Immutable Infrastructure**: Where possible, systems are not manually modified or patched, but completely redeployed. This reduces the attack surface and eliminates configuration drift. - **Tenant Isolation**: Strict logical isolation between customers at network and compute level. No cross-tenant access. - **VPC & Network Isolation**: Each customer receives a dedicated Virtual Private Cloud with fully separated address space at Layer 2 and Layer 3. - **European Infrastructure**: Bare-metal servers in Germany. No US cloud provider. No US Cloud Act. - **Container Image Security**: Automated vulnerability scanning of all container images. - **Supply Chain Security**: Signed artifacts, verified base images, traceable build pipelines. ### Physical Security - **Tier III+ Data Center**: Frankfurt, redundant power and cooling systems. - **24/7 Access Control**: Physical access controlled and logged. - **Environmental Monitoring**: Temperature, humidity, smoke, continuously monitored. ### Data Protection - **Encryption at Rest**: Storage layer and all node disks fully encrypted. - **European Data Sovereignty**: GDPR-native, not retrofitted. No data processing outside the EU. No US dependencies, no CLOUD Act exposure. - **Data Residency**: Data does not leave Europe. Full control over storage location. ### Access Management - **OIDC-Based Access**: Infrastructure access via OpenID Connect. - **RBAC**: Fine-grained, role-based access control. - **Multi-Factor Authentication**: 2FA/MFA at all levels. FIDO2 hardware keys as standard. - **Audit Logs**: Traceability of security-relevant access and changes across all platform components. ### Monitoring & Response - **24/7 Monitoring**: Continuous monitoring of the entire platform infrastructure with automated alerts. - **Network Visibility & Anomaly Detection**: Network anomaly detection based on flow data. Automated alerts for suspicious traffic patterns. - **Incident Response**: Defined incident response procedures. Direct communication in case of emergency. Post-incident analysis and documentation. ### Compliance & Certifications What enum fulfills and where data center certifications apply. ### Security Contact Do you have security questions or want to report a vulnerability? Our security team is here for you. Email: security@enum.co security.txt: Security.txt ### Responsible Disclosure The security of our platform and our customers' data is our highest priority. We value the work of security researchers and the community who help us identify and fix vulnerabilities. [object Object] [object Object] [object Object] [object Object]