Security & Trust
ELLA’s commitment to “Do Right” extends to how we treat your data. We know that both of our reputations are on the line, and we take that responsibility seriously. You're the steward of your clients' most valuable asset and we aim to do right by that. That’s why ELLA is built with a security-first mindset, grounded in transparency and respect for your data and your clients' data.
Shared responsibility
Under our shared responsibility model, ELLA secures the components that we control: the application layer, the selection of platform providers, the management of cloud infrastructure, and our company security practices. This includes using security controls, monitoring, and incident response to protect against threats targeting these components.
What ELLA handles for you:
- Application security: We implement enterprise-grade security measures including Web Application Firewall (WAF) protection against OWASP Top 10 vulnerabilities
- Infrastructure protection: We manage secure cloud services with automatic scaling and redundancy
- Access controls: We enforce authentication and authorization at every layer
- Monitoring & response: We continuously monitor for threats and respond to security incidents
Your responsibilities:
- Team management: Control who has access to your workspace and what permissions they have
- Data decisions: Determine what information to store and your retention policies
- Security hygiene: Use strong passwords across all devices with access to ELLA, enable passkeys, and follow security best practices
Application Security
Security has been a core design principle since before our very first line of code. We use trusted, enterprise-grade services for every layer of our stack and apply strict access controls across the board.
Authentication & Access
You can think about data protection as two main components: authentication and access controls. Authentication is the process of verifying who you are (i.e., via login), while access controls are the rules that determine who has access to what data.
You can log in using a secure email link, passkey, or your organization's SSO provider. For more information on authentication, see Account Security.
Once we've authenticated you, we use role-based access controls to protect against unauthorized access to data. Each workspace has completely separate access controls, and every request validates workspace access server-side before processing, saving, or returning any data.
Data Encryption
All data is encrypted both in transit (TLS 1.2+) and at rest (AES-256). Data never travels unencrypted between services or devices.
Hosting & Storage
Your data is hosted and/or processed entirely in the U.S., using enterprise-grade providers such as Vercel, Cloudflare, and Neon Postgres. Every provider we work with has strong compliance and security frameworks (SOC 2, ISO 27001).
AI Privacy
When using ELLA’s Sensemaking features, we strive to keep your data private across both our internal processes and our external AI providers. We use a redaction layer before communicating with any external AI providers to ensure non-essential personal or client-identifiable data is not sent.
We do not train on your data and we maintain strict contractual obligations with all third-party providers to ensure the same.
Transparency & Control
You can request data exports or deletion at any time by emailing privacy@exitwithella.io. We’ll process your request promptly and confirm once complete.
