Procurement FAQ
Quick answers to the questions that come up most often during security and procurement reviews. For anything not covered here, the contact form is the fastest way to get an answer.
Who owns the data we put into Essence?
You do. The customer is and remains the data controller for the content uploaded to Essence. We act as data processor under a Data Processing Addendum, with documented retention and deletion rules and a contractual export path on termination.
Which regions can our data be stored in?
The default region is documented in the order form. Optional regional deployment configurations are available on request for public-sector and regulated customers; cross-border transfers are governed by the standard contractual clauses appended to the DPA.
How is one customer isolated from another?
Each customer is a separate tenant with logical isolation at the application and data layer. Access tokens, queries, and audit log entries are scoped to the tenant; cross-tenant access is not part of any supported workflow.
Do you support single sign-on?
Single sign-on is available on the Enterprise tier and above through your identity provider. SCIM provisioning is on the platform roadmap; current customers using SSO manage user lifecycle through the identity provider plus our admin console.
How do you handle backups and recovery?
Encrypted backups run on a documented schedule, restore is tested periodically, and recovery time and recovery point objectives are documented in the security overview and contractual annex. Backup evidence is shared under the DPA on request.
How does your pilot end if we decide not to proceed?
A pilot has a defined end date and a documented exit path: data export in the agreed format, deletion confirmation in writing, and no automatic conversion to a paid tier without a separate signed order form.