🔒 Security & MFA
Enterprise-Grade Security
EntrepriseConnect implements security at every layer of the platform.
Encryption
- In transit: TLS 1.3 with modern ciphers (AES-256-GCM, ChaCha20-Poly1305)
- At rest: AES-256 for files, messages, and sensitive data
- Backups: AES-256 encrypted, rotated daily at 2 AM
- VoIP calls: SRTP encryption end-to-end
- VPN tunnels: WireGuard with ChaCha20-Poly1305
- Passwords: bcrypt with cost factor 12
Enabling 2FA / MFA
Protect your account with time-based one-time passwords (TOTP).
- Go to Settings → Security
- Click Enable MFA
- Scan the QR code with an authenticator app:
  - Google Authenticator
  - Microsoft Authenticator
  - Authy
  - 1Password
  - Bitwarden
- Enter the 6-digit code to verify
- Save your backup codes in a secure place
⚠️ Always save backup codes! If you lose your phone without them, account recovery requires admin intervention.
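The steps above enrol a TOTP secret in your authenticator app. The following is an added example (not EntrepriseConnect's code) showing what the QR code carries and how a server verifies the 6-digit code and the backup codes: RFC 6238 TOTP (HMAC-SHA1, 30-second step), one step of clock drift tolerated on either side, constant-time comparison, rejection of a replayed time step, and single-use hashed backup codes. The sample secret is the RFC 6238 reference value; function names, the backup-code format and the in-memory per-user state are assumptions.

```python
"""Added example (not EntrepriseConnect's code): TOTP enrolment and verification
as the MFA flow above relies on it. Names, backup-code format and the per-user
state dict are assumptions.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

STEP = 30      # TOTP period in seconds
DIGITS = 6     # code length shown in the authenticator app


def totp(secret_b32: str, for_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Compute the TOTP code for a base32 secret at a Unix time (RFC 6238, SHA-1)."""
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8), casefold=True)
    counter = for_time // step                            # T = floor(time / step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def provisioning_uri(issuer: str, account: str, secret_b32: str) -> str:
    """The otpauth:// URI that the enrolment QR code encodes (Key Uri Format)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP}")


def match_totp(secret_b32: str, submitted: str, now: int, window: int = 1):
    """Return the time-step counter whose code equals `submitted`, else None.

    `window` steps on each side absorb phone clock drift. The comparison is
    constant-time so a wrong guess cannot be distinguished digit by digit.
    """
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return None
    for drift in range(-window, window + 1):
        t = now + drift * STEP
        if hmac.compare_digest(totp(secret_b32, t), submitted):
            return t // STEP
    return None


def accept_totp(state: dict, secret_b32: str, submitted: str, now=None) -> bool:
    """Verify a login code and refuse a time step that was already used (replay).

    `state` stands in for the per-user record the server keeps (assumed storage).
    """
    now = int(time.time()) if now is None else now
    counter = match_totp(secret_b32, submitted, now)
    if counter is None or counter <= state.get("last_counter", -1):
        return False
    state["last_counter"] = counter
    return True


def generate_backup_codes(n: int = 10):
    """Return (plaintext codes to show once, hashes to store).

    Each code is 40 random bits; because codes are random rather than
    user-chosen, a fast hash plus login rate limiting is adequate.
    """
    plain = [secrets.token_hex(5) for _ in range(n)]
    return plain, {hashlib.sha256(c.encode()).hexdigest() for c in plain}


def redeem_backup_code(stored_hashes: set, submitted: str) -> bool:
    """Consume a backup code: each one succeeds at most once."""
    h = hashlib.sha256(submitted.strip().replace("-", "").lower().encode()).hexdigest()
    for stored in list(stored_hashes):
        if hmac.compare_digest(stored, h):
            stored_hashes.remove(stored)
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 reference secret ("12345678901234567890" in base32); a real
    # server generates one per user with secrets.token_bytes(20).
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(provisioning_uri("EntrepriseConnect", "alice@example.com", secret))
    print(totp(secret, 59))   # RFC 6238 test vector: 287082
```

The replay check is the part most home-grown verifiers omit: a code intercepted during its 30-second window must not log the attacker in a second time, and the drift window makes that window up to 90 seconds wide.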
Multi-Tenant Isolation
Each company's data lives in its own dedicated PostgreSQL schema rather than in tables shared with other customers, so the separation is enforced by the database itself and not by a tenant ID column that every query has to remember to filter on. Strictly speaking this is logical, not physical, isolation: all schemas sit on the same PostgreSQL instance, and only a separate database or server per tenant would be physical separation.
This means a compromise of another customer's account or credentials does not expose your schema. A compromise of the database server itself would still affect every tenant, which is why the infrastructure controls below matter as much as the tenancy model.
Rate Limiting (Anti-DDoS)
Per-IP limits stop brute-force and scripted abuse from a single source. They complement rather than replace network-level DDoS mitigation, and attempts spread across many addresses stay under them.
| Endpoint | Limit | Window |
|---|---|---|
| Login attempts | 5 | per minute per IP |
| Registration | 3 | per hour per IP |
| API calls | 60 | per minute per IP |
| File uploads | 10 | per minute per IP |
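As an added example (not EntrepriseConnect's code), here is a sliding-window limiter loaded with the limits from the table above, together with the one decision that makes "per IP" meaningful behind a reverse proxy: which address to count. Endpoint names, the in-memory store and the proxy addresses are assumptions; the traffic in the demo is constructed.

```python
"""Added example (not EntrepriseConnect's code): per-IP sliding-window rate
limiting with the table's limits, and trusted-proxy handling of X-Forwarded-For.
Endpoint names, storage and proxy addresses are assumptions.
"""
import math
from collections import defaultdict, deque

# (requests allowed, window in seconds) per endpoint, from the table above
LIMITS = {
    "login": (5, 60),
    "register": (3, 3600),
    "api": (60, 60),
    "upload": (10, 60),
}


def client_ip(remote_addr, forwarded_for, trusted_proxies):
    """Choose the address to rate-limit.

    X-Forwarded-For is attacker-controlled unless our own proxy appended it, so
    it is honoured only when the direct peer is a trusted proxy, and the value
    used is the rightmost hop that is not one of our proxies (anything to its
    left was supplied by the client and may be forged).
    """
    if remote_addr not in trusted_proxies or not forwarded_for:
        return remote_addr
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if hop not in trusted_proxies:
            return hop
    return remote_addr


class SlidingWindowLimiter:
    """Timestamps of recent hits per (endpoint, ip); a hit is refused once
    `limit` of them fall inside the trailing window. Unlike a fixed per-minute
    bucket, a burst straddling a minute boundary cannot get twice the limit.
    """

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.hits = defaultdict(deque)

    def check(self, endpoint, ip, now):
        """Return (allowed, retry_after_seconds); records the hit when allowed."""
        limit, window = self.limits[endpoint]
        q = self.hits[(endpoint, ip)]
        while q and q[0] <= now - window:       # expire hits outside the window
            q.popleft()
        if len(q) >= limit:
            # Retry-After: seconds until the oldest counted hit leaves the window
            return False, math.ceil(q[0] + window - now)
        q.append(now)
        return True, 0


if __name__ == "__main__":
    # constructed traffic: six login attempts from one client within a minute,
    # arriving through a trusted proxy at 10.0.0.1
    limiter = SlidingWindowLimiter()
    peer = client_ip("10.0.0.1", "198.51.100.9, 10.0.0.1", {"10.0.0.1"})
    for t in range(6):
        allowed, retry = limiter.check("login", peer, t)
        print(t, peer, "allowed" if allowed else f"429 Retry-After: {retry}")
```

A per-IP counter says nothing about a password spray that rotates source addresses and stays under five attempts from each; a per-account failure counter is the usual complement.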
Anti-Fraud Measures
- Business registration required: NINEA (Senegal), SIRET (France), EIN (USA), VAT (EU), CIN (India), etc.
- One Starter plan per email domain: prevents abuse of free trials
- Disposable emails blocked: mailinator, tempmail, guerrillamail, etc.
- IP-based registration limits: max 3 registrations per 24h per IP
- Auto-cleanup: Starter accounts that have been inactive for 3 days are deleted automatically
Audit Logs
Every sensitive action is logged with complete context:
- Who: User ID, name, role, email
- What: Action type (login, create, delete, permission change)
- When: Timestamp with timezone
- Where: IP address, user agent, location
- Outcome: Success or failure + reason
View logs at Audit Logs in the menu. Data retention: 12 months (Pro) / unlimited (Enterprise).
Infrastructure Security
- Fail2ban: automatic IP banning for brute-force attempts
- Redis authentication: password-protected cache
- HSTS preload: Strict-Transport-Security with a 2-year max-age (plus the includeSubDomains and preload directives the browser preload list requires), so browsers refuse plain HTTP for the domain even on first visit
- CSP: Content Security Policy restricts where scripts may load from, which mitigates (but does not by itself eliminate) XSS
- Clickjacking protection: X-Frame-Options DENY, so the application cannot be embedded in a frame on another site
- MIME sniffing protection: X-Content-Type-Options nosniff
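The header controls above are only as good as the values actually sent. As an added example (not EntrepriseConnect's code), this is a checker for the four response headers listed, run against a constructed weak header set and a hardened one. The thresholds follow the text (a 2-year HSTS max-age) and the HSTS preload requirements; the header values themselves are assumptions, not the platform's real configuration.

```python
"""Added example (not EntrepriseConnect's code): audit the security response
headers listed above. Header values are constructed, not the platform's own.
"""
HSTS_MIN_MAX_AGE = 63072000  # two years, as the text states

HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": ("default-src 'self'; script-src 'self'; object-src 'none'; "
                                "base-uri 'self'; frame-ancestors 'none'"),
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
}

# constructed weak set: short HSTS, a CSP that still runs inline scripts from
# any origin, and no framing or sniffing protection at all
WEAK_HEADERS = {
    "strict-transport-security": "max-age=300",
    "content-security-policy": "default-src * 'unsafe-inline'",
}


def parse_hsts(value: str) -> dict:
    """Split an HSTS value into max-age and the two boolean directives."""
    out = {"max-age": 0, "includesubdomains": False, "preload": False}
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                out["max-age"] = int(d.split("=", 1)[1].strip('"'))
            except ValueError:
                pass
        elif d in ("includesubdomains", "preload"):
            out[d] = True
    return out


def parse_csp(value: str) -> dict:
    """Map directive name -> source list. A repeated directive is ignored after
    its first occurrence, which is how browsers treat it."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_headers(headers: dict) -> list:
    """Return a list of findings; an empty list means all four checks pass."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        p = parse_hsts(hsts)
        if p["max-age"] < HSTS_MIN_MAX_AGE:
            findings.append(f"HSTS max-age {p['max-age']} is below {HSTS_MIN_MAX_AGE}")
        if not p["includesubdomains"]:
            findings.append("HSTS lacks includeSubDomains (required for preload)")
        if not p["preload"]:
            findings.append("HSTS lacks the preload directive")

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP header missing")
    else:
        p = parse_csp(csp)
        scripts = p.get("script-src", p.get("default-src"))   # script-src falls back to default-src
        if scripts is None:
            findings.append("CSP sets neither script-src nor default-src")
        else:
            # a nonce or hash makes browsers ignore 'unsafe-inline', so only flag it without one
            has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in scripts)
            if "'unsafe-inline'" in scripts and not has_nonce_or_hash:
                findings.append("CSP script sources allow 'unsafe-inline' (inline XSS payloads run)")
            if "*" in scripts:
                findings.append("CSP script sources allow * (any origin)")
        if "frame-ancestors" not in p:
            findings.append("CSP lacks frame-ancestors (relying on X-Frame-Options alone)")

    if h.get("x-frame-options", "").upper() != "DENY":
        findings.append("X-Frame-Options is not DENY")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    return findings


if __name__ == "__main__":
    for name, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, audit_headers(headers) or "OK")
```

Run it against the live response of your own deployment (for example the headers from `curl -sI`) rather than against the constructed dictionaries; the checker is the same.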
Compliance
- ✅ GDPR compliant (European data protection regulation)
- ✅ Data residency: EU hosting (Hetzner Germany) available
- ✅ Right to be forgotten: export + delete on demand
- ✅ Data portability: JSON/CSV export
- ✅ Breach notification: within 72h (GDPR Art. 33 requires notifying the supervisory authority within 72 hours of becoming aware of a breach)
- ✅ DPA available: Data Processing Agreement on request
Security Reporting
Found a vulnerability? Report it responsibly to security@ldentreprise.com
We offer a bug bounty for critical findings (up to $500 for remote code execution).