Question 1

tenant 데이터는 어떻게 격리되나요?

Accepted Answer

PostgreSQL RLS 정책은 애플리케이션 코드와 무관하게 모든 쿼리가 현재 tenant의 행만 접근하도록 보장합니다. tenant UUID는 각 쿼리 전에 Prisma 세션 변수로 설정되며, RLS가 모든 행 접근을 강제합니다.

Question 2

Enafeedback는 GDPR 및 KVKK를 준수하나요?

Accepted Answer

Enafeedback provides the technical infrastructure for GDPR and KVKK 규정 준수: configurable consent forms on visitor-facing flows, explicit consent recorded at submission, configurable data retention periods, PII masking before AI processing, and optional full 데이터 격리. Your 조직 remains the data controller; Enafeedback acts as the data processor.

Question 3

kredensial 및 rahasia disimpan?

Accepted Answer

Kredensial SMS (kunci API, kata sandi), rahasia tandatangan webhook keluar 및 token sesi jangka pendek dienkripsi AES-GCM sebelum disimpan. Kunci enkripsi disuntikkan 를 통해 variabel lingkungan saat runtime. Tidak ada rahasia dalam kode sumber 또는 kontrol versi.

Question 4

yang berlaku jika entri log audit diubah?

Accepted Answer

Each audit entry's HMAC-SHA256 hash is derived from the previous entry's hash plus the current event payload. If any entry is modified, all subsequent hashes become invalid. Administrators can trigger chain verification from the 관리 패널 at any time, which re-computes and validates the entire chain.

Question 5

신원 관리 — 기존 SSO를 사용할 수 있나요?

Accepted Answer

Autentikasi dikelola oleh EnaCore Identity, penyedia OIDC khusus dalam infrastruktur EnaCore. Akun Enterprise dapat menghubungkan IdP yang ada (SAML/OIDC) ke EnaCore 위해 SSO. Pengguna panel admin mengautentikasi 를 통해 lapisan identitas EnaCore; Enafeedback tidak pernah menyimpan kata sandi.

Perlindungan data memulai 에서 mesin basis data.

Enam lapisan perlindungan.

RLS PostgreSQL

EnaCore Identity OIDC

HMAC-SHA256 audit

Rahasia dienkripsi

Persetujuan KVKK & GDPR

tenant별 객체 스토리지

보안 FAQ

귀사 환경에서 Enafeedback을 경험하세요.