Question 1

How is data isolated between tenants?

Accepted Answer

PostgreSQL Row-Level Security (RLS) policies enforce that every database query — regardless of application code — can only access rows belonging to the current tenant. The tenant UUID is set as a Prisma session variable before every query, and RLS policies verify it on every row access.

Question 2

Is Enafeedback GDPR and KVKK compliant?

Accepted Answer

Enafeedback provides the technical infrastructure for GDPR and KVKK compliance: configurable consent forms on visitor-facing flows, explicit consent recorded at submission, configurable data retention periods, PII masking before AI processing, and optional full data isolation. Your organization remains the data controller; Enafeedback acts as the data processor.

Question 3

How are credentials and secrets stored?

Accepted Answer

SMS provider credentials (API keys, passwords), outbound webhook signing secrets, and short-lived session tokens are encrypted using AES-GCM before storage. Encryption keys are injected via environment variables at runtime. No secrets are stored in source code or version control.

Question 4

What happens if an audit log entry is tampered with?

Accepted Answer

Each audit entry's HMAC-SHA256 hash is derived from the previous entry's hash plus the current event payload. If any entry is modified, all subsequent hashes become invalid. Administrators can trigger chain verification from the admin panel at any time, which re-computes and validates the entire chain.

Question 5

Who handles authentication — can we use our existing SSO?

Accepted Answer

Authentication is managed by EnaCore Identity, a dedicated OIDC provider in the EnaCore infrastructure. Enterprise accounts can connect their existing IdP (SAML/OIDC) to EnaCore for SSO. Admin panel users authenticate via the EnaCore identity layer; Enafeedback never stores passwords.

Data protection that starts at the database engine.

Six layers of protection.

PostgreSQL RLS

OIDC via EnaCore Identity

HMAC-SHA256 Audit

Encrypted Secrets

KVKK & GDPR Consent

Per-tenant Object Storage

Security FAQ

Vesair Enafeedback en voss ambient.