SECURITY_CLEARANCE: PUBLIC

TRUST ARCHITECTURE

Security is not a feature; it is the substrate upon which OpEX™ by EVMG Technologies is built. Our governance model ensures data sovereignty, auditability, and defense-in-depth.

Data Governance

We adhere to a strict "Least Privilege" philosophy. Access to sensitive data is scoped to the absolute minimum required for operational function.

  • Role-Based Access Control (RBAC)
  • Tenant Isolation
  • Data Residency Controls

Encryption Standards

All data is encrypted in transit via TLS 1.3 and at rest using AES-256. We do not hold keys to customer-managed secrets.

  • End-to-End Encryption
  • Key Rotation Policies
  • Secure Enclave Processing

Audit & Compliance

Trust requires verification. Every system action is logged to an immutable audit trail, providing a complete forensic history of operational events.

  • Immutable Audit Logs
  • Session Replay Capabilities
  • Automated Compliance Reporting

Operational Safeguards

We implement strict separation of duties between administrative and operational roles to prevent unauthorized system modifications.

  • Multi-Factor Authentication (MFA)
  • Emergency Kill-Switches
  • Automated Threat Detection

DATA_GOVERNANCE // LEAST_PRIVILEGE

At EVMG Technologies, we operate under a "Zero Trust" assumption. Access to the OpEX™ platform is not granted by default; it is explicitly provisioned based on the strict necessity of the user's role.

Our Principle of Least Privilege (PoLP) ensures that every entity—whether a human operator or a programmatic service—has access only to the specific data and resources required to perform its legitimate function, and nothing more.

ACCESS_SCOPERESTRICTION_LEVEL
ADMINISTRATIVEMFA_REQUIRED + IP_ALLOWLIST
OPERATIONALROLE_SCOPED + AUDIT_LOGGED
API_SERVICETOKEN_BOUND + RATE_LIMITED

MESSAGING_COMPLIANCE // TRANSACTIONAL_ONLY

SMS & Messaging Policy

EVMG Technologies uses messaging (SMS/email) strictly for transactional customer support related to OpEX™. We do not send marketing, promotional, or bulk campaign messages. Customers only receive texts after submitting an issue and selecting a text response preference.

Reply STOP to opt out.

Reply HELP for help.

Message/data rates may apply.

BUSINESS_IDENTITY // LEGAL_ENTITY

LEGAL_ENTITY

EVMG Holdings LLC

Arizona Domestic LLC

Entity ID: 23900078

OPERATING_BRAND

EVMG Technologies

Product: OpEX™ by EVMG Technologies

An Operational Excellence Platform

COMPLIANCE_POSTURE

EVMG Technologies maintains a rigorous internal compliance program aligned with industry best practices. We regularly review our security controls to ensure they meet the evolving threat landscape. For detailed compliance documentation or vendor due diligence packages, please contact our security team via the secure channel below.