The Crucial Role of Security at Espressive

By Ray Cruz, Head of Security and Compliance in Engineering
June 14, 2023

Software-as-a-Service (SaaS) has revolutionized the way businesses and individuals access and use software applications. Thanks to its flexibility, scalability, and cost-effectiveness, SaaS has become the go-to solution for many industries. However, as the dependency on cloud-based services grows, so does the need for robust security measures.

This is why we put such an emphasis on security at Espressive. We designed our systems to ensure confidentiality, integrity, and availability for you and your employees on any platform. One way we establish a secure system is by using a FedRAMP 3PAO to perform our annual third-party penetration testing, which focuses on various attack vectors.

Here are a few more reasons why you can trust Espressive with your data:

We are Already Compliant & Certified

Espressive maintains compliance and certification with some of the world’s most stringent security protocols, including:

  • AICPA SOC: Espressive is compliant with SOC 2 Type 2.
  • GDPR: Espressive complies with the General Data Protection Regulation (GDPR) when handling all customer data, both inside and outside of the EU.
  • HIPAA HITECH: Espressive complies with the HIPAA encryption requirement set, including those requirements specific to the HITECH Act.
  • ISO: Espressive is ISO 20243 certified.
  • CCPA: Espressive complies with the California Consumer Privacy Act (CCPA) regarding personal information.

We Built in Privacy from the Start

Security and privacy policies and procedures are built into all aspects of our products, starting at the design phase.

For example, Espressive Barista, our AI-based virtual support agent, understands billions of phrases across the enterprise and around the globe on day one. Barista is able to do so because of the Barista Employee Language Cloud, our domain-specific large language model, which securely grows from every single employee interaction across our customer base in order to get a deeper, more accurate understanding of employee language.

These high accuracy levels require a lot of data, so every customer tenant in the Employee Language Cloud is in a private and secure data repository that prohibits sharing of data across customers. In addition, every employee interaction with Barista is anonymized when it is used to help build the Employee Language Cloud, so privacy is guaranteed while our language model continues to grow.

Our Employees are Secure (Like Our Technology)

Every Espressionist must complete security training as part of new employee onboarding as well as part of their annual education. Additional role-based security training (e.g., comprehensive training on secure coding best practices for all our engineers) is required to ensure that everyone at Espressive is up to date with the latest information.

We Make Security a Top Priority

At Espressive, customer success is not just a good intention – it is a core strategy. We do everything we can to make our customers successful, and that includes upholding the highest bar for security.

To learn more about how we put security at the core of everything we do, visit our Security page.

