Trust

How EnerGo Connect handles your data, your money, and your uptime.

Every claim on this page maps to a feature in production or a contractual commitment available before signature. If something below isn't yet certified, we say so. If it's certified, the artefact is available under the standard MSA.

Last updated May 2026

The one-page trust summary

What a procurement reviewer needs in 30 seconds.

  • Data protection: GDPR

    GDPR-compliant. Article 17 erasure workflow shipped in the operator portal. Standard DPA available pre-signature.

  • Information security: SOC 2 Type II in progress

    Independent audit is in progress; no current SOC 2 certificate. Security-controls posture statement available on request under NDA.

  • Hosting: EU default

    EU (Frankfurt) by default. Sovereign-cloud regions (UK, UAE, KSA, Brazil, India) and on-premise available under the talk-to-sales tier.

  • Uptime SLA: 99.9% / 99.95%

    99.9% on the standard tier with business-hours incident response. 99.95% on the enterprise tier with 24/7 response.

  • Encryption: TLS 1.2+ in transit / encrypted at rest

    TLS 1.2+ in transit, HSTS preload enforced on the marketing surface. Managed Postgres encryption at rest. Per-tenant key derivation for OCPP credentials and tenant secrets.

  • Data portability: full export, month-to-month

    Month-to-month contract. Full data export on exit (CDRs, users with consent, tariffs, audit log, roaming history) at no charge. No termination fee.

Compliance posture

Stated honestly — what's done, what's in progress, what's not on the roadmap.

Regime | Status | Evidence
GDPR (EU 2016/679) | Compliant | Article 17 (right to erasure) workflow shipped in the operator portal — driver-initiated and operator-initiated paths. Lawful-basis register maintained per tenant. Standard data-processing agreement available pre-signature.
SOC 2 Type II | In progress | Independent audit engagement underway. No current certificate. Interim control-posture statement (covering access management, change management, monitoring, incident response) available under NDA on request.
ISO 27001 | Not certified | We do not claim ISO 27001 certification. If your procurement process requires it specifically, we can map our control set to ISO 27001 Annex A controls for comparison.
NEVI (US FHWA) | Configurable | NEVI uptime reporting and customer-service-line requirements can be configured in the operator portal. We are not a US-funded NEVI-tier deployment partner today; if NEVI is your primary procurement driver, ChargeLab is the better-aligned shortlist.
PCI DSS | Out of scope | Card data is tokenised by our payment processor (PCI DSS Level 1) before it touches the platform. Connect does not store PANs. Our scope is limited to SAQ-A controls.
Armenian data protection law (RA Law on Personal Data) | Compliant | ENERGO CHARGERS LLC is registered in Armenia and operates under the RA Law on Personal Data alongside GDPR for EU data subjects.

Hosting and data residency

Where your data physically lives, and how to change that.

Region | Tier | Notes
EU — Frankfurt | Standard | Default. Used by every standard-tier tenant unless otherwise requested.
United Kingdom | Sovereign | UK-region hosting available under the talk-to-sales tier (Brexit-driven data-residency requirements).
United Arab Emirates | Sovereign | UAE-region hosting available on request for tenants subject to UAE data-residency rules.
Saudi Arabia | Sovereign | KSA-region hosting available on request for PDPL compliance.
Brazil | Sovereign | Brazil-region hosting available on request for LGPD-aligned deployments.
India | Sovereign | India-region hosting available on request for DPDP Act-aligned deployments.
On-premise | Enterprise | On-prem deployment of the full stack available under the enterprise tier.

Sub-processor list is available under the MSA. We do not transfer personal data outside the chosen residency region without explicit instruction.

Uptime, incident response, and changelog

What we commit to, how we respond when something breaks, and how you verify it after the fact.

Tier | SLA | Response | Credits
Standard | 99.9% monthly | Email + chat during business hours (UTC+04, your business hours on request) | Service credit per the standard MSA
Enterprise | 99.95% monthly | 24/7 incident pager, 1-hour acknowledgement | Enhanced service credits per the enterprise MSA

How you verify what we shipped

  • Public changelog at /en/#changelog — every release carries the same EG-### issue keys we use internally.
  • Per-tenant audit log in the operator portal — every administrative action, every API call, every charger event, with chain-anchored daily verification.
  • Monthly invoices with itemised session counts and reconciliations; refunds (and the 3% transaction-fee reversal) appear on the same invoice.
  • Dedicated status page (status.ener-go.am) is planned but not yet live. Until then, incidents are emailed to all tenant admins.

Security posture

The controls we run today, in plain English.

Transport security

  • TLS 1.2 minimum on every public endpoint; TLS 1.3 preferred.
  • HSTS preload enforced on connect.ener-go.am with 1-year max-age and includeSubDomains.
  • Strict CSP on the marketing surface; same posture on the operator portal.

Data at rest

  • Managed Postgres with provider-level disk encryption.
  • Per-tenant key derivation for OCPP credentials and tenant secrets.
  • Backups encrypted with the same key hierarchy; restore procedure documented and tested before any production-impact change.

Access management

  • RBAC in the operator portal — per-team and per-fleet scoping.
  • Operator portal sessions are short-lived and revocable per user.
  • API access is token-scoped; tokens can be rotated and revoked individually.

Application security

  • Rate-limited and idempotency-keyed write endpoints on the OCPP and API surfaces.
  • Real-time fraud worker on driver-side sessions (MaxMind geo enrichment, velocity checks).
  • GDPR Article 17 erasure pipeline (driver and operator initiated) with cryptographic deletion verification.

Disclosure

  • Coordinated disclosure window: 90 days from report, by mutual agreement.
  • Security contact: [email protected] (PGP key on request) and /.well-known/security.txt.
  • We do not run a bug bounty programme today; responsible reports get acknowledged within 2 business days.

Data portability — leaving is cheap by design

Vendor lock-in is the worst part of enterprise CPMS contracts. We've designed against it from day one.

What an export contains

  • Charging Detail Records (CDRs) — every session, with start/end timestamps, energy delivered, tariff applied, driver pseudonym, charger ID.
  • User database — every account, with consent-flagged personal data (we re-import only with explicit consent).
  • Tariff configurations — every active and historical tariff structure, including time-of-day and quota-based rules.
  • Audit log — every administrative action, every API call, every state transition, with the daily chain anchor.
  • Roaming history — every OCPI session, with party IDs and settlement state.
  • Reports — every generated report (revenue, P&L, fleet AR aging, etc.) in the format used in the operator portal.

Format

CSV for tabular data, JSON for structured data, optional dump as a Postgres logical-replication snapshot for technical teams.

Timing

Standard export delivered within 5 business days of request. Expedited export (within 24 hours) available under the enterprise tier.

Cost

€0 on every tier. No termination fee.

Sub-processors

We don't list every sub-processor publicly because the list is conservative and the names are not what your security review actually cares about. The exhaustive list is delivered under the MSA, refreshed quarterly, with 30-day change notification.

  • Infrastructure & hosting

    Application hosting, managed Postgres, object storage, edge CDN

  • Payment processing

    Card networks, Apple Pay, Google Pay, regional rails per market, fiscal-receipt providers per jurisdiction

  • Communications

    Transactional email, SMS for OTP, push notification dispatch

  • Observability

    Application monitoring, structured logging, exception aggregation

  • Compliance tooling

    Geo-IP enrichment (MaxMind), audit-log chain anchoring

Documents available on request

  • Standard MSA (~6 pages)
  • Standard DPA (GDPR-aligned)
  • Security control posture (SOC 2 Type II audit prep)
  • Sub-processor list (current, quarterly-refreshed)
  • Disaster-recovery plan summary
  • Standard MSA addenda for sovereign-cloud regions

Email [email protected] with a brief description of the procurement context and we'll send the relevant set.

Trust FAQ

Are you SOC 2 certified today?

No. SOC 2 Type II audit is in progress; we expect a certificate in the next 12 months. We do not market ourselves as certified before the audit completes. Interim control-posture documentation is available under NDA.

Can we host EnerGo Connect ourselves?

Yes, on the enterprise tier. We deploy the full stack on customer-controlled infrastructure under a separate operating model. Standard tier is hosted by us in EU-Frankfurt.

What's your incident notification SLA?

Standard tier: incident notification to tenant admins within 1 business hour of confirmed impact. Enterprise tier: 15 minutes, via pager.

How is access to my data inside your team controlled?

Production access is restricted to a named on-call rota with short-lived credentials. Named, accountable personnel only; every production action is logged to the same audit-log infrastructure tenants can see for their own actions.

Do you encrypt backups?

Yes, with the same per-tenant key hierarchy as the live database. Restore procedure is documented and tested against an isolated environment before any production-impact change.

What happens to my data if I cancel?

Standard 30-day window during which we provide a full export on request, then the production tenant is wiped. Backups containing your data are aged out per the standard 35-day backup retention policy.

Where can I send a vulnerability report?

[email protected] or via /.well-known/security.txt. Acknowledgement within 2 business days; coordinated disclosure window of 90 days from confirmed report.

Can we run our own pen-test against Connect?

Yes, with prior notice. We coordinate on scope and timing so we don't interpret it as a real incident. Reports are shared with our security lead.

Send your security questionnaire. We'll fill it in by end of next business day.

Bring the questionnaire your procurement team uses. We'll complete it against the controls in place today, mark what's planned-but-not-shipped, and send it back with the supporting documents.