Security
Data Authentication
and Encryption
We encrypt data in transit via HTTPS using TLS 1.2 with AES 256-bit encryption. Authentication processes are provided by Auth0, which uses HTTPS over TLS 1.2/TLS 1.3 with AES 128-bit encryption.
Data Storage
Sapience stores data on Microsoft Azure managed databases which are encrypted with Microsoft managed Transparent Data Encryption.
Rigorous Security Testing
Sapience undergoes infrastructure and application penetration testing yearly, upon significant change to the environment. Sapience undergoes SOC 2 audits annually and ad-hoc assessments conducted by internal audit or third parties.
Privacy
Access to Data
Sapience does not own collected data. Only authorized points of contact can request to access collected data with the appropriate documentation. Any data processed can be viewed through Sapience Vue’s reporting functions.
Sapience manages access to all resources and data through the principle of least privileged and has controls centered around governing access. Only authorized database administrators have access to the raw data. Product Support and Professional Services will only have temporary access to data upon given approval from an authorized customer point of contact.
Data Protection
Sapience Vue is designed with the ultimate security in mind right from coding to deployment. All Sapience Vue data is stored within Sapience’s Azure infrastructure and respective data centers.
- Servers are hosted in a SOC2 type 2 compliant data center, across multiple availability zones/regions.
- Microsoft Azure’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.
Redaction of Customer Private
Information
We redact customer private information. Sapience Vue collects:
- Company ID
- Data subject ID
- Data subject email
- System Date and Time
- Event Data
All data is marked as confidential and protected with the highest level of security available. Sapience does not collect electronic private healthcare information, cardholder data, and special categories of personal data as described in Article 9 of the GDPR.
Data recovery and retention
Data collected is presented to end-users through the Vue portal. End-users can retrieve granular data through the reporting functions within the Vue application. Data is
retained based on established contracts between Sapience and Customers. Sapience has standardized processes to deliver or remove data based on established contracts.
Credit Cards
Sapience Vue never stores, processes, or transmits any cardholder data.
Passwords
Sapience does not have any access to any password details as all passwords are managed and provided by Auth0.
Compliance
Sapience undergoes annual SOC 2 audits with third parties validating the operationality of established controls for the confidentiality, integrity, accountability, privacy, and processing activities for Sapience Vue and the supporting infrastructure, people, and technology.