👨‍💻 Product Security

User Security

Enter ensures users can configure roles for each organization they may need to manage, including full access, read and write, and read-only for their users.


Enter takes data availability seriously and employs a status and incident tracking system to monitor any outages. You can find this at https://status.enter.health/

📲 Application Security

Secure Frameworks

Enter employs mature and comprehensive application security frameworks to ensure data is handled safely.

Continuous Vulnerability Scanning

We employ continuous vulnerability and penetration testing both in-house and outsourced.

Secure Development Lifecycles

Our software development lifecycles include linting, unit tests, integration tests, static analysis, and known vulnerability scans.

Hashing and Encryption

Passwords are one-way hashed and sensitive keys are encrypted using Amazon KMS.

☁️ Infrastructure Security


Enter hosts our application using data centers provided by Amazon Web Services and have many monitoring features enabled to ensure availability and security.

Secure Transport

Enter ensures all data that we handle is encrypted while in transit (allowing only TLS 1.2+ cipher-suites)

Secure Storage

100% of data stored at rest is encrypted using the latest encryption standards and products.

Least Privilege

All IAM and user credentials are scoped to only what is necessary to get the job done for that role.

Network Segregation

Production and sandbox accounts are provisioned within their own network segmented zones.

⚠️ Risk and Compliance


Enter is actively in the process of achieving our SOC 2 Type 2 certification.


We are HIPAA compliant and signing a BAA will ensure even stronger data controls.


We have some of the strongest privacy policies in the game. Please review them here.

🏢 Corporate Security


All employees and contractors are trained at least annually on latest data security issues as well as HIPAA compliance.

Endpoint Management and Monitoring

All employee and contractor devices deploy with leading endpoint protection.

Access Review

All access granted is continuously reviewed with least privilege philosophy being employed.


All internal resources must be access via a Virtual Private Network which requires two factors of authentication.

⛑ Physical Security

Data in the Cloud

We don't store data on-premise