Security

ENTERPRISE-GRADE SECURITY

Your process data is sensitive. We treat it that way.

ESSAM is built for enterprise environments where security, access control, and data governance are non-negotiable. This page outlines how we protect your data and what you can expect from the platform as a responsible enterprise vendor.

Section 01

DATA PROTECTION

Encryption in transit

All data transmitted between your browser and ESSAM servers is encrypted using TLS 1.2 or higher. No process data travels over unencrypted connections.

Encryption at rest

Process data, SOPs, and generated documents stored on ESSAM servers are encrypted at rest using AES-256 encryption.

Data isolation

Each organisation's data is logically isolated. Your process data, SOPs, and documents are never shared with or accessible by other ESSAM customers.

Section 02

ACCESS CONTROLS

Role-based access

Administrators can assign granular access roles within the platform. Team members only see the processes and documents they are authorised to access.

Single Sign-On (SSO)

Enterprise plan customers can integrate ESSAM with their organisation's identity provider via SAML 2.0 SSO. This allows their existing identity and access management (IAM) policies to govern platform access.

Audit trail

All process approvals, document sign-offs, and change events are logged with timestamps and user attribution. Enterprise customers have access to a full audit trail for compliance and governance purposes.

Section 03

INFRASTRUCTURE & RELIABILITY

Cloud infrastructure

ESSAM runs on enterprise-grade cloud infrastructure with built-in redundancy and geographic failover. Our infrastructure provider maintains SOC 2 Type II and ISO 27001 certifications.

Availability

We target 99.9% uptime for the ESSAM platform. Enterprise plan customers are covered under a formal Service Level Agreement (SLA). Scheduled maintenance windows are communicated in advance.

Backups

Customer data is backed up daily. Backup retention periods and recovery point objectives (RPO) are defined in the Enterprise SLA.

Section 04

COMPLIANCE & CERTIFICATIONS

Current status

ESSAM is currently undergoing a formal third-party security assessment in preparation for SOC 2 Type II certification. We anticipate completing this process in the second half of 2026.

Data privacy

ESSAM complies with applicable data protection regulations. Our full Privacy Policy - covering data collection, usage, retention, and your rights as a data subject - is available at apac.essam.ai/privacy.


Banking sector alignment

ESSAM has been deployed inside regulated banking institutions in the Gulf Cooperation Council, including local banks in Kuwait, where data governance and process confidentiality requirements are strictly enforced. We understand the compliance environment that enterprise banking customers operate within.

Enterprise data processing agreements

Enterprise plan customers who require a formal Data Processing Agreement (DPA) or vendor security questionnaire response for their internal procurement processes should contact their ESSAM account manager or reach out via the contact page.

Section 05

WHATSAPP DEPLOYMENT

ESSAM's staff deployment feature uses the WhatsApp Business API - Meta's enterprise-grade messaging infrastructure - to push approved process guides to your team. This means:

Encrypted delivery

All messages are end-to-end encrypted by WhatsApp's protocol.

Limited retention

ESSAM does not store message content after delivery.

Read-only guides

Staff receive read-only process guides - no sensitive back-end data is exposed through the WhatsApp channel.

Administrator control

Enterprise administrators control which processes are deployed and to which staff groups.

Security Contact & CTA

QUESTIONS OR SECURITY REVIEWS

If you are evaluating ESSAM as an enterprise vendor and require additional information for your security or IT review, we are happy to assist. We can provide:

  • Completed vendor security questionnaires
  • Data Processing Agreements (DPA)
  • Architecture overview documentation
  • Answers to specific security questions from your IT or risk team

Reach out through our contact page and mention your security review requirements. We will respond within one business day.