Security and Privacy

Your data security and privacy is our biggest responsibility.

security

Security

Data Authentication
and Encryption

We encrypt data in transit via HTTPS using TLS 1.2 with AES 256-bit encryption. Authentication processes are provided by Auth0, which uses HTTPS over TLS 1.2/TLS 1.3 with AES 128-bit encryption.

Data-authentication-and-encryption
Data-storage

Data Storage

Sapience stores data on Microsoft Azure managed databases which are encrypted with Microsoft managed Transparent Data Encryption.

Rigorous Security Testing

Sapience undergoes infrastructure and application penetration testing yearly, upon significant change to the environment. Sapience undergoes SOC 2 audits annually and ad-hoc assessments conducted by internal audit or third parties.

Rigorous-security-testing

Privacy

Access to Data

Sapience does not own collected data. Only authorized points of contact can request to access collected data with the appropriate documentation. Any data processed can be viewed through Sapience Vue’s reporting functions.

Sapience manages access to all resources and data through the principle of least privileged and has controls centered around governing access. Only authorized database administrators have access to the raw data. Product Support and Professional Services will only have temporary access to data upon given approval from an authorized customer point of contact.

Access-to-data
Data-protection-min

Data Protection

Sapience Vue is designed with the ultimate security in mind right from coding to deployment. All Sapience Vue data is stored within Sapience’s Azure infrastructure and respective data centers.

Redaction of Customer Private
Information

We redact customer private information. Sapience Vue collects:

Redaction-of-Customer-Private-Information-min

All data is marked as confidential and protected with the highest level of security available. Sapience does not collect electronic private healthcare information, cardholder data, and special categories of personal data as described in Article 9 of the GDPR.

Data-recovery-and-retention-min

Data recovery and retention

Data collected is presented to end-users through the Vue portal. End-users can retrieve granular data through the reporting functions within the Vue application. Data is
retained based on established contracts between Sapience and Customers. Sapience has standardized processes to deliver or remove data based on established contracts.

Credit Cards

Sapience Vue never stores, processes, or transmits any cardholder data.

Passwords

Sapience does not have any access to any password details as all passwords are managed and provided by Auth0.

Compliance

Sapience undergoes annual SOC 2 audits with third parties validating the operationality of established controls for the confidentiality, integrity, accountability, privacy, and processing activities for Sapience Vue and the supporting infrastructure, people, and technology.