Skip to content

Encryption at Rest and in Transit

Description

Ensures all customer data — conversations, recordings, personal identifiers, and configuration — is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Covers all storage backends, API endpoints, and inter-service communication.

Canonical use case

An enterprise security audit confirms that all data stored by ExpertFlow — including recording files and interaction logs — is encrypted at rest with AES-256, satisfying the organisation's data protection policy baseline.

Open Items

  • [ ] Canon alignment — populate canon_axiom_refs or confirm no existing axiom applies
  • [ ] Dependency assessment — set dependencies_assessed: true once SA has reviewed the full chain
  • [ ] effort_estimate — replace 0 with rough engineering days (order of magnitude)
  • [ ] public_description — write the public-facing description before publishing