window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-206511945-1');
Search

Is Encore Secure?

We understand that it isn’t enough to just answer “Yes” when asked “Is Encore Secure?”. So, here are some of the specific things we have done to ensure this.

Actions we have taken to make Encore as secure as possible

TL;DR

  • All data is stored securely on our servers
  • All data is isolated per company
  • All traffic is transmitted via HTTPS using SSL
  • We use industry best practices to store your sensitive information and mitigate common attacks
  • We enforce secure passwords to access the system, while also requiring user PINs to perform actions

More detailed answers for the inquisitive

  • The data is stored securely. Because everything is hosted on the cloud, there’s no risk of having the personal files on your computer accessed. We use Google cloud servers which Google has worked to make very secure. The only way for the database to be accessed is either through the server, or by computers that are on our network. Even if someone were to figure out our database passwords, they could not access the databases unless they were in our offices.
  • Data isolation. All of the client data that is stored on our servers is isolated from each other so that there is no possibility of data accidentally being shared between companies
  • HTTPS/SSL is used. The connection from your computer to our server is encrypted, so the data that leaves your computer is encrypted until it reaches the server, and the server decrypts it. If your browser supports TLS 1.3 (the most secure), it will be used. Otherwise, TLS 1.2 will be used, which is also considered to be very secure.
  • Industry best practices are used.
    • Your passwords are hashed and salted. Nobody here knows what your passwords are. If someone attempts to guess a password too many times (5), their account will be locked out until they reset it through their email. 
    • We don’t ever store full credit card information, just the last 4 numbers and expiry for identification purposes, this is compliant with PCI security standards.
    • We detect and mitigate known/common attacks including cross-site scripting (XSS) and data injection attacks to prevent things like data theft, site defacement, and malware distribution
  • On top of your account password, almost every action can be restricted by PIN – you can limit which employees have access to things, and can choose not to give your employees account access.

Actions we suggest YOU take to help keep it secure

  • Keep access to your email secure. If someone has access to your email address, they could reset your password. This is true for almost every account you use online. Enabling two-factor authentication on your email address is always a good idea.
  • Do not reuse passwords. Use a unique password for Encore. We keep our passwords secure, but we can’t guarantee other websites do the same.
  • Do not leave your computer open. If you do and it is logged into Encore and you don’t have a login timeout in Encore, someone could just walk up to your system and start using your login.