Data protection at rest and in transit

All sensitive data is encrypted using industry-standard algorithms. Connections are secured with HTTPS/TLS at all times.

AES-256-GCM

Sensitive data encrypted at rest with HKDF key derivation

TLS 1.3 in Transit

All connections encrypted between browser and server

bcrypt Hashing

Passwords hashed with bcrypt at cost factor 12 — never stored in plain text

HMAC-Signed Tokens

Password resets, invitations, and impersonation use tamper-proof signed tokens

Two-factor authentication and session controls

Protect your account with TOTP-based two-factor authentication using any authenticator app. Agency owners can require 2FA for the entire team. Manage active sessions, revoke unauthorized access, and configure idle timeouts — all from your security settings.

  • TOTP-based 2FA with 8 recovery codes
  • Agency-wide 2FA enforcement for owners
  • Active session monitoring with device and location info
  • Configurable idle timeout and max session lifetime
  • One-click revoke of single or all sessions

(Image: Security settings with two-factor authentication, session management, and policy controls)

Complete data isolation between workspaces

Every agency workspace is fully isolated at the database level. Subdomain routing, organization-scoped queries, and hostname-bound session cookies ensure no data ever leaks between agencies — even if the same email address is used across multiple workspaces.

  • Organization-scoped database queries on every request
  • Subdomain and custom domain routing at the edge
  • Hostname-scoped session cookies — no cross-subdomain leaking
  • Per-agency passwords, profiles, and role assignments
  • Reserved slug protection for system subdomains

(Image: Isolated agency workspace with subdomain routing and tenant-scoped data)

Security policies, audit logs, and compliance

Agency owners can enforce security rules across their workspace. Every significant action is recorded in a comprehensive audit log with field-level detail — perfect for compliance, troubleshooting, and accountability.

  • Require 2FA for all team members
  • Email domain allowlist for team invites
  • Re-authentication required for sensitive actions
  • Full audit log with who, what, when, and from where
  • Security event history for authentication changes

(Image: Audit log showing user actions, timestamps, and field-level change details)

Built-in protection against common threats

Security headers, rate limiting, and input sanitization protect your workspace from attacks.

Brute Force

Rate limiting on login, 2FA, password reset, and registration

XSS Prevention

CSP headers, server-side HTML sanitization, and React auto-escaping

CSRF Protection

Origin header validation and signed tokens on sensitive endpoints

HSTS Enforcement

Strict Transport Security with 1-year max-age and subdomain coverage

Clickjacking

X-Frame-Options DENY prevents embedding in iframes

DNS Verification

DNS-over-HTTPS verification for custom domain security
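The header, CSRF and cookie controls listed above (and the hostname-scoped session cookies from the workspace isolation section) reduce to a small amount of framework-independent logic. The block below is an added example, not Eidoncore's middleware: the HSTS and X-Frame-Options values are the ones the page states, the Content-Security-Policy directive string is an assumption (the page names CSP without giving its contents), and the CSRF check implements "origin header validation with fail-closed policy" by comparing the request's Origin against the Host it arrived on and refusing when the origin is absent, malformed or `null`.

```javascript
// Constructed example; header values other than HSTS and X-Frame-Options are assumptions.
const SECURITY_HEADERS = {
  // 1-year max-age with subdomain coverage, as stated on the page
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  // Refuses embedding in any frame (clickjacking)
  'X-Frame-Options': 'DENY',
  // Assumed baseline policy; frame-ancestors 'none' is the CSP counterpart of DENY
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'; object-src 'none'",
};

const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Fail-closed CSRF check. Safe methods pass. A state-changing request is allowed only
// when its Origin (falling back to Referer) parses as https and its host equals the
// Host header the request arrived on. Missing, malformed or "null" origins are rejected.
// Header names are lowercase, as Node's http module presents them.
function csrfAllowed(method, headers) {
  if (!STATE_CHANGING.has(String(method).toUpperCase())) return true;
  const source = headers['origin'] || headers['referer'];
  if (!source || !headers['host']) return false;
  let origin;
  try {
    origin = new URL(source); // throws on "null" and on garbage
  } catch (e) {
    return false;
  }
  return origin.protocol === 'https:' && origin.host === headers['host'];
}

// Host-only session cookie: no Domain attribute, so the browser returns it only to the
// exact hostname that set it (agency-a's cookie is never sent to agency-b's subdomain).
// Secure keeps it off plain HTTP; HttpOnly keeps it out of script reach.
function sessionCookie(name, value, maxAgeSeconds) {
  return `${name}=${value}; Path=/; Max-Age=${maxAgeSeconds}; Secure; HttpOnly; SameSite=Lax`;
}

// Merges the fixed header set into a plain { name: value } response header object.
function withSecurityHeaders(responseHeaders = {}) {
  return { ...responseHeaders, ...SECURITY_HEADERS };
}
```

Comparing Origin to Host rather than to a static allowlist is what makes the check work unchanged across agency subdomains and custom domains; the trade-off is that the Host header must itself be trustworthy, which is why routing at the edge and reserved-slug protection matter alongside it.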

Built-in protection against common attacks

Every layer of the platform includes active protection against the most common web application threats — no configuration needed.

  • Brute force: 5 login attempts/min, 3 password resets/10 min
  • Session hijacking: secure HTTP-only cookies, hostname scoping
  • XSS: server-side HTML sanitization + Content Security Policy
  • CSRF: origin header validation with fail-closed policy
  • Clickjacking: X-Frame-Options DENY headers
  • MITM: HSTS enforcement with 1-year max-age

(Image: Security shield showing multi-layer threat protection: brute force, XSS, CSRF, and session security)
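The brute-force limits quoted above (5 login attempts per minute, 3 password resets per 10 minutes) are the kind of thing a sliding-window counter enforces. This is an added example, not Eidoncore's limiter: the in-memory store, the key shape (caller-chosen, e.g. client address plus account) and the decision to not count rejected attempts toward the window are assumptions. The limits themselves are the page's numbers.

```javascript
// Limits as stated on the page. The key passed to check() is the caller's choice,
// typically "<client ip>:<normalised email>" so one source cannot burn another's budget.
const LIMITS = {
  login: { max: 5, windowMs: 60 * 1000 },
  passwordReset: { max: 3, windowMs: 10 * 60 * 1000 },
};

class SlidingWindowLimiter {
  constructor(limits) {
    this.limits = limits;
    this.hits = new Map(); // key -> array of attempt timestamps within the window
  }

  // Records an attempt and returns { allowed, remaining, retryAfterMs }.
  // Rejected attempts are not recorded, so a blocked client is not locked out for
  // longer than the window simply because it kept retrying.
  check(action, key, now = Date.now()) {
    const limit = this.limits[action];
    if (!limit) throw new Error(`unknown action: ${action}`);
    const k = `${action}:${key}`;
    const cutoff = now - limit.windowMs;
    const recent = (this.hits.get(k) || []).filter((t) => t > cutoff);
    if (recent.length >= limit.max) {
      this.hits.set(k, recent);
      return { allowed: false, remaining: 0, retryAfterMs: recent[0] + limit.windowMs - now };
    }
    recent.push(now);
    this.hits.set(k, recent);
    return { allowed: true, remaining: limit.max - recent.length, retryAfterMs: 0 };
  }
}
```

A production deployment keeps the counters in a shared store (so every application instance sees the same window) and surfaces `retryAfterMs` as a Retry-After header; the filtering step above is what makes the window slide rather than reset on a fixed boundary.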

Complete workspace separation

Every agency workspace is fully isolated. No data is shared between workspaces, even if the same email is used across multiple agencies. Custom domain sessions are automatically scoped to prevent cross-domain leaking.

  • All data scoped to your organization — zero cross-workspace access
  • Independent profiles per workspace (same email, different data)
  • Client data, projects, invoices strictly separated
  • Custom domain sessions scoped to exact hostname
  • DNS-over-HTTPS verification prevents domain spoofing

(Image: Data isolation diagram showing complete separation between agency workspaces)

  • AES-256 encryption
  • TLS 1.3 in transit
  • 100% tenant isolation
  • 99.9% uptime SLA

Loved by agencies

★★★★★

"As a healthcare-adjacent agency, data security is non-negotiable. Eidoncore's tenant isolation and encryption gave us the confidence to move forward."

Dr. Rachel Kim
Director, MedComms Agency

Built for teams like yours

Enterprise Agencies

SOC 2 readiness, audit logs, and enforced 2FA across your organization.

Regulated Industries

AES-256 encryption, tenant isolation, and data residency options.

Client-Facing Teams

Prove your security posture to clients with enterprise-grade protections.

IT Administrators

Role-based access control, API key management, and session policies.

Frequently asked questions

Eidoncore is SOC 2 ready with enterprise-grade security controls including AES-256 encryption, complete tenant isolation, audit logging, and role-based access control.

Every agency operates in a fully isolated tenant. Database queries are scoped to the authenticated tenant, middleware enforces isolation, and cross-tenant access is architecturally impossible.

Yes. TOTP-based two-factor authentication is available for all accounts. Enterprise users can enforce 2FA for all team members as a security policy.

Eidoncore runs on enterprise-grade cloud infrastructure with data encrypted at rest (AES-256) and in transit (TLS 1.3). Regional deployment options are available for Enterprise customers.

Your data deserves enterprise-grade protection

Start your 14-day free trial with full security features from day one.