Trust & Security
Your M&A relationships are sensitive and valuable. We built Envoyum with security, privacy, and compliance as foundational principles - not afterthoughts.
Security Architecture
Enterprise-grade security designed for sensitive business relationships.
Multi-Tenant Isolation
Your data is strictly separated from other customers at the database level using Row Level Security (RLS). Every query is scoped to your tenant - there is no way to accidentally access another tenant's data.
Audit Logging
Every action in Envoyum is logged with full attribution: who did what, when, and why. This creates an immutable audit trail for compliance, LP reporting, or internal review.
Role-Based Permissions
Control who can see what within your organization. Admins can manage team access, view audit logs, and configure integrations. Regular users work within their assigned scope.
Encryption
Data encrypted at rest and in transit. Sensitive credentials (like email tokens) are encrypted with per-tenant keys. We follow industry best practices for key management.
Compliance
Built to help you stay compliant with email regulations worldwide.
CAN-SPAM Compliance
One-click unsubscribe in every email, automatic suppression list updates, physical address inclusion, and honest subject lines. We make it easy to stay compliant.
GDPR Compliant
Right to erasure (Art. 17) and data portability (Art. 20) built in. Delete your account and export your data at any time. Multi-tenant isolation ensures your data stays yours.
CASL Compliance
Express consent tracking, implied consent expiration management, and compliant unsubscribe mechanisms for Canadian contacts.
SOC 2 Type II Roadmap
We are actively working toward SOC 2 Type II certification. Our infrastructure and processes are designed with this standard in mind from day one.
Data Handling
Clear answers about what we collect, how we use it, and what we never do.
What data do you collect?
Contact information you import, email threads you connect, notes you upload, and enrichment data from public sources. We do not collect data you have not explicitly provided or connected.
Do you train AI models on my data?
No. Your tenant data is never used to train external AI models. Any learning happens within your tenant boundary using verified outcomes, not engagement proxies. Your proprietary relationship intelligence stays yours.
How long do you retain data?
Your data is retained as long as your account is active. Upon account closure, data is deleted within 30 days. Audit logs may be retained longer for compliance purposes, as disclosed in our data processing agreement.
Can I export my data?
Yes. You can export your contacts, relationship history, and activity data at any time. We believe your data belongs to you, and we make it easy to take it with you.
Our Philosophy
The principles that guide how we build Envoyum.
Human-in-the-Loop by Default
All AI-generated outreach queues for human approval. We do not believe in "set and forget" automation for relationship-sensitive communications. You control what gets sent.
Transparency Over Magic
Every AI decision is explainable. You can see why a contact was scored a certain way, why a draft was written as it was, and what signals informed recommendations. No black boxes.
Outcomes Over Proxies
We optimize for real outcomes (meetings booked, relationships built) not vanity metrics (open rates, click rates). This shapes our product and how we measure success.
Questions about security?
We're happy to discuss our security practices, provide documentation, or answer specific questions for your compliance team.
Contact us at security@envoyum.com