Security & Compliance

Enterprise-grade security,
built into
every layer.

From environment isolation to role-based access, IP restrictions, and data residency controls — encatch is built for teams where security is not optional.

  • Sandbox isolation — PMs and developers collaborate without touching production
  • Role management — custom permissions at org and project level
  • API keys scoped by domain and environment
  • SSO (OIDC / SAML) for enterprise identity provider integration
Talk to salesRead the docs

Security layers

All systems secure

Access Control

Domain locking

IP whitelisting

Role-based permissions

Environments

Sandbox isolation

Production promotion

No dev access to prod

API Keys

Domain-scoped

Env-scoped + expiry

Data Governance

Configurable retention

Audit log

Data residency

4

Access layers

2

Environments

Live

SSO

Sandbox environment

Ship feedback safely. No production access required.

In most tools, configuring feedback requires developers and PMs to work in production — which means either giving developers production access, or constant back-and-forth coordination. encatch Sandbox breaks that model entirely. PMs configure forms, triggers, and screen paths in a fully isolated environment. Developers implement SDK events there. Once everything is validated together, the PM promotes the configuration to production — no developer ever touches it.

  • PMs configure feedback experiences in Sandbox without developer involvement in production
  • Developers implement SDK events and URL paths in Sandbox only — no production credentials needed
  • PM reviews the full end-to-end flow in Sandbox before a single line ships to users
  • One-click promotion from Sandbox to Production — controlled entirely by the PM
  • Sandbox activity does not consume production MAU, response, or destination quotas
  • Use Sandbox for ongoing validation — new forms, events, and experience changes, continuously

Sandbox

Safe to iterate

Production

PM-controlled

How teams work together

PM

Configures feedback forms, triggers, and screen paths in Sandbox

Dev

Implements SDK events and URL paths in Sandbox — no production access needed

PM

Reviews end-to-end in Sandbox. Approves and promotes config to Production

Prod

Production config goes live — developers never touched it

Sandbox usage does not count against production quotas

Access control

The right people see the right things — nothing more.

encatch's role system gives you surgical control over who can do what. Roles are defined at the organization level or scoped to individual projects — so your integration manager can manage webhooks without seeing feedback responses, and your feedback manager can analyze responses without touching API keys or billing.

  • Custom roles at both organization and project level — no one-size-fits-all permissions
  • Org Admin role is immutable and always protected — cannot be deleted or modified
  • Domain locking prevents unauthorized signups on your corporate domain
  • IP whitelisting restricts admin portal access to your office or VPN networks
  • SSO via OIDC or SAML for enterprise identity provider integration

Custom roles

Org Admin

Organization level

Immutable
Manage membersManage rolesAll projects

Feedback Manager

Project level

View responsesManage formsExport data

Integration Manager

Project level

Manage destinationsManage API keysView pipeline

Admin portal controls

Domain locking

Prevent unauthorized signups on your domain

IP whitelisting

Restrict admin access to trusted networks only

SSO (OIDC / SAML)

Enterprise identity provider integration

API keys

Keys that know exactly where they're allowed.

Every encatch API key is scoped at creation — to a specific domain or mobile bundle ID, and to an environment (sandbox or production). A frontend SDK key on your marketing site is sandboxed from your production environment. Keys expire automatically, reducing stale credential risk.

  • Scope keys to specific web domains or mobile app bundle IDs
  • Separate sandbox and production keys — development work never touches live data
  • Configurable expiry dates — keys expire automatically, reducing stale credential risk
  • Keys are shown once at generation and never stored — treat them like passwords
  • Rate-limited at the SDK level to prevent abuse from public-facing integrations

MYAPP_WEB · Production

Expires Jan 2026

enc_live_••••••••••••••••

Scope dimensions

Domain scope

app.myproduct.com

Environment

Production

Expiry

Configurable

Keys are shown once at generation — never stored. Separate keys for web domains and mobile bundle IDs.

Sandbox key

Production key

User identity signing

Only your server can create a trusted user.

encatch API keys are public by design — they're embedded in your SDK. Without additional protection, anyone who extracts your key could forge user identity calls, create fake users, and inflate your MAU count. HMAC signatures close that gap entirely. Your server signs every identity payload using a secret key that never leaves your infrastructure. encatch verifies the signature before accepting any user creation — unsigned or tampered calls are rejected outright.

  • HMAC-SHA256 signing — your server signs the user ID with a secret key stored only on your backend
  • The secret key is never embedded in client code, mobile apps, or browser bundles
  • Time-bound validity window — each signature expires after a configurable period, preventing replay attacks
  • Captured signatures cannot be reused after the window closes, even if intercepted
  • Unsigned identity calls can be blocked at the platform level — enforce signing across your entire account
  • Directly protects MAU billing integrity — forged or anonymous user creation is rejected before it counts

Identity verification

Trusted — server-signed

HMAC‑SHA256(userId + timestamp, secret_key)

Signed on your server — never in client code

Valid window: 5 minutes — replay attack prevented

encatch accepts · user created · MAU counted

Rejected — unsigned / forged

SDK call without valid signature

encatch rejects · no user created · no MAU charged

Algorithm

HMAC-SHA256

Stored where

Your server only

Time window

Configurable

MAU protection

Enforced

Data governance

Your data, in the region you choose — with a full paper trail.

encatch gives compliance teams the controls they need: configurable retention windows, automated data purging, immutable audit logs for every admin action, and data residency options as they roll out across regions. Every deletion, key revocation, and role change is logged — so your security team always knows what happened and when.

  • Data currently hosted in India — EU and US regions coming soon
  • Configurable retention periods from 3 months up to 2 years
  • Automated purging — data older than your retention window is removed automatically
  • Immutable audit log covers retention changes, key revocations, and role updates
  • Daily export to S3 or webhook before retention window closes — your data, your archive

Data residency

🇮🇳

India

Live
🇪🇺

European Union

Coming soon
🇺🇸

United States

Coming soon

Data retention

Retention window

Up to 2 years
3 months (Hobby)2 years (Paid)

Audit log

admin@acme.com · retention_updated · 90 → 30 days

2h ago

dev@acme.com · api_key_revoked · MYAPP_WEB_OLD

5h ago

admin@acme.com · role_created · Integration Manager

1d ago

Capabilities

Security at every layer of the stack.

From sandbox isolation to enterprise SSO — encatch gives IT admins and security teams the controls they need, without slowing down the product team.

Sandbox environment

Isolated project type for safe integration, testing, and PM review — no production usage charged.

Production promotion

PMs promote sandbox configs to production. Developers never need production access.

Custom roles

Define roles at org and project level — feedback manager, integration manager, system admin, and more.

Domain locking

Prevent unauthorized users on your domain from signing up to the admin portal.

IP whitelisting

Restrict admin portal access to trusted IP addresses and corporate networks.

SSO (OIDC / SAML)

Enterprise single sign-on integration with your identity provider — OIDC and SAML supported.

API key scoping

Keys scoped to specific domains, environments (sandbox/production), and permission types.

Data residency

Currently hosted in India. EU and US regions available on request — coming soon.

Audit log

Immutable log of every admin action — retention changes, key revocations, role updates.

Configurable retention

Set your data retention window from 3 months up to 2 years. Records purged automatically.

Sandbox rate limits

Lower rate limits in sandbox protect the platform while giving enough capacity for testing.

API key scoping

Keys scoped to specific domains, environments (sandbox/production), and expiry dates — no stale credentials.

HMAC identity signing

Server-side HMAC-SHA256 signatures verify every user identity call. Time-bound validity windows prevent replay attacks and protect MAU billing integrity.

Enterprise ready

Security that works for your team — not against it.

Sandbox environments, granular roles, and API key scoping mean your team ships faster without compromising control. Talk to us about enterprise deployment options.

Talk to salesSee documentation