Skip to main content

Security

How we protect your data and how to report issues.

Last updated: June 2026

Our approach to security

Enera builds AI-native systems for organisations that handle sensitive decisions. We take the security of our own website and client data seriously, and we try to practice what we preach.

This page describes our security posture, the practices we follow, and how to reach us if you discover something we should know about.

Data in transit

All traffic to and from eneralabs.com is encrypted using TLS 1.2 or higher. We enforce HTTPS across every page and redirect HTTP requests automatically. Our hosting infrastructure uses modern cipher suites and has HSTS enabled.

Data at rest

Data collected through our website (booking details, Maturity Index responses) is stored by our infrastructure and third-party providers with encryption at rest. We do not store payment card details — all transactions are handled by PCI-compliant payment processors.

Third-party security

We use a small, deliberately limited set of third-party services. Before adopting any tool that handles user data, we review its security practices and data processing agreements. Current services include:

  • Cal.com — booking infrastructure, SOC 2 compliant
  • Hosting provider — infrastructure with ISO 27001 certification and DDoS mitigation

We do not use third-party advertising trackers, session-recording scripts, or analytics tools that persist identifiable user data across sites.

Access controls

Access to our production systems follows least-privilege principles. We use strong authentication (MFA required) for all internal tooling. Access is reviewed and revoked promptly when team members change roles.

Incident response

If we detect or are informed of a security incident affecting user data, we will:

  • Investigate and contain the issue as quickly as possible
  • Notify affected users within 72 hours where required by applicable law
  • Take steps to prevent recurrence
  • Be transparent about what happened and what we did

Responsible disclosure

If you discover a security vulnerability in our website or services, please report it to us before making it public. We ask that you:

  • Email us at hello@eneralabs.com with a clear description of the issue
  • Include steps to reproduce, affected URLs or components, and your assessment of potential impact
  • Give us reasonable time to investigate and address the issue before any public disclosure

We commit to acknowledging your report within 2 business days and keeping you informed as we work to resolve it. We will not take legal action against researchers who report issues in good faith.

Scope

This policy covers eneralabs.com and any subdomains operated by Enera. It does not cover third-party services we link to — those are governed by their own security policies.

Out-of-scope activities include: denial-of-service attacks, social engineering of Enera employees, physical security testing, and testing against systems or accounts that are not yours.

Contact

Security concerns, questions, or reports:
hello@eneralabs.com
Enera, Bengaluru, Karnataka, India