Security at Enrichley

Last updated: 9 June 2026

We know the data we handle matters. Enrichley is built on modern, security-focused infrastructure, and we apply layered technical and organizational safeguards to protect our systems and the data entrusted to us.

Encryption

• In transit: all traffic to enrichley.com and our API is encrypted in transit (HTTPS).
• At rest: data is encrypted at rest using AES-256, and we encrypt sensitive fields at the application layer.

Infrastructure

• Hosted on Cloudflare and Amazon Web Services (AWS).
• Edge protection, including DDoS mitigation and a web application firewall, via Cloudflare.
• Secrets and credentials are managed with access-controlled secret storage.

Access controls

• Role-based access on a least-privilege basis; access to production data is limited to personnel who need it.
• Authentication is handled by Clerk.

Monitoring

• Error and performance monitoring via Sentry.
• Logging and audit trails for key systems.

Vendor management

We engage a limited set of sub-processors under data-protection obligations and review them for security. Our current list is at enrichley.com/subprocessors.

Data privacy

How we collect, use, and share personal data is described in our Privacy Policy. Customers can also review our Data Processing Addendum.

We are not currently SOC 2 or ISO 27001 certified, so this page makes no certification claims.

Reporting a vulnerability

If you believe you’ve found a security issue, please contact [email protected]. We appreciate responsible disclosure.