Policy

Security Statement

Updated: Apr 1, 2025

Empathiq is committed to protecting customer data with secure, modern infrastructure and best-in-class security practices. This document outlines how we safeguard your information across all components of the Empathiq platform.


Infrastructure & Hosting

Empathiq’s core services—including our Platform and Knowledge Base—are hosted using trusted infrastructure providers who meet rigorous security and reliability standards.

  • Cloud Infrastructure: Hosted via audited environments including AWS and Fly.io

  • Network Security: Private networking, firewalled systems, no exposure of databases to the public web

  • Data Encryption:

    • In-transit: All data is encrypted using HTTPS (TLS 1.2+)

    • At-rest: Application and backup data is encrypted using industry-standard AES-256


Certifications & Audits

Our infrastructure partners undergo regular independent audits and maintain industry-recognized certifications, including:

  • SOC 2 Type II

  • GDPR compliance

  • ISO 27001 (AWS)

We regularly review partner audit reports and apply required controls across our own systems.


Application Security

Empathiq takes a layered security approach:

  • Tenant Isolation: Logical data separation ensures that your information is never accessible by other clients.

  • Access Controls: Role-based access and scoped permissions are enforced across user types.

  • Admin Monitoring: Administrative access is tightly controlled and logged.

  • Session Management: Timeouts, IP logging, and browser session rules are enforced to limit unauthorized access.


Payment & Billing

Empathiq uses PCI-DSS compliant vendors (e.g., Stripe) for all billing operations. We never store full card details on our own servers.


Backups & Business Continuity

  • Daily backups of all critical systems

  • Encrypted backups stored in geographically redundant locations

  • Business continuity and disaster recovery plans are tested and maintained


Incident Response & Reporting

Security events are logged, triaged, and addressed according to a documented incident response plan.

  • If an incident affects your data, we will notify you promptly with impact and resolution details.

  • Vulnerabilities or suspicious activity can be reported to security@getempathiq.com


For details about Empathiq’s HIPAA compliance, SOC 2 attestations, and Business Associate Agreements (BAAs), please visit our Compliance page.

Ready to Empower Your Medicare Brokerage?

Explore an entirely fresh approach to serving beneficiaries and empowering your agents with Empathiq.
