Data storage and security in Enpass Hub for Enpass Business clients

For Enpass Business clients using Enpass Hub to enable additional sharing, recovery and security features, the Enpass Hub securely stores metadata about your company vaults (for password-health statistics) and encrypted vault keys (for access recovery and seamless vault sharing).

The Hub does not store the vaults themselves (which are encrypted and secured in your own business cloud or local devices), nor can the Hub be used to access any data stored within vaults. For greater detail about data security in the Self-Hosted version of Enpass Hub, please refer to our Enpass Hub Security Whitepaper.

Metadata stored in your Enpass Hub

User information

  • Email
  • Name

User device information

  • Device name
  • Identifier
  • Operating system type and version
  • Language
  • Country

Vault metadata

  • Vault name
  • Path to vault on business cloud (OneDrive/SharePoint)

Data that enables Access Recovery

  • Recovery public keys
  • Recovery private keys (encrypted)
  • Vault keys (encrypted)

Data that enables Seamless Vault Sharing

  • Shared vault key (encrypted)
  • Share-group public key
  • Share-group private keys (encrypted)

Metadata that enables Security Audit statistics and features

  • Vault names
  • Paths to vaults on business cloud (OneDrive/SharePoint)
  • Strength of Master Passwords
  • Number of passwords in each vault
  • Number of passwords excluded for audit in each vault
  • Number of compromised passwords in each vault
  • Number of accounts exposed in recent known breaches in each vault
  • Number of accounts that can be 2FA enabled in each vault
  • Number of duplicate passwords in each vault
  • Number of weak passwords in each vault
  • Number of attachments in each vault

Note: Security Audit metadata contains only aggregate statistics, plus vault names and paths. No data stored within your Enpass vaults is ever accessed, or is even accessible, by your Hub.

Data security for Enpass Hub

If your Hub is self-hosted on a local server, no Enpass data ever leaves your infrastructure.

If your Hub is Enpass-hosted, only the data described above is stored outside your infrastructure. The sensitive data in your encrypted vaults remains stored only on your own cloud services or local devices.

In either case, Enpass Hub is end-to-end encrypted, and the vault keys stored in your Hub are only decrypted for authorized Vault Sharing or Access Recovery processes.

For greater detail about the security practices and measures for the Self-Hosted version of Enpass Hub, please refer to our Enpass Hub Security Whitepaper.

 

