Security and Privacy
Your data security and privacy is our biggest responsibility.
We encrypt data in transit via HTTPS using TLS 1.2 with AES 256-bit encryption. Authentication processes are provided by Auth0, which uses HTTPS over TLS 1.2/TLS 1.3 with AES 128-bit encryption.
Sapience stores data on Microsoft Azure managed databases which are encrypted with Microsoft managed Transparent Data Encryption.
Rigorous Security Testing
Sapience undergoes infrastructure and application penetration testing yearly, upon significant change to the environment. Sapience undergoes SOC 2 audits annually and ad-hoc assessments conducted by internal audit or third parties.
Access to Data
Sapience does not own collected data. Only authorized points of contact can request to access collected data with the appropriate documentation. Any data processed can be viewed through Sapience Vue’s reporting functions.
Sapience manages access to all resources and data through the principle of least privileged and has controls centered around governing access. Only authorized database administrators have access to the raw data. Product Support and Professional Services will only have temporary access to data upon given approval from an authorized customer point of contact.
Sapience Vue is designed with the ultimate security in mind right from coding to deployment. All Sapience Vue data is stored within Sapience’s Azure infrastructure and respective data centers.
Data recovery and retention
Data collected is presented to end-users through the Vue portal. End-users can retrieve granular data through the reporting functions within the Vue application. Data is
retained based on established contracts between Sapience and Customers. Sapience has standardized processes to deliver or remove data based on established contracts.
Sapience Vue never stores, processes, or transmits any cardholder data.
Sapience does not have any access to any password details as all passwords are managed and provided by Auth0.
Sapience undergoes annual SOC 2 audits with third parties validating the operationality of established controls for the confidentiality, integrity, accountability, privacy, and processing activities for Sapience Vue and the supporting infrastructure, people, and technology.