
## Built on industry experience

The security practices in Encore Cloud are built on our team's decades of experience designing and operating sensitive systems at companies like Google, Spotify, and Monzo.

## Security by Default

Encore Cloud is designed to make security effortless rather than burdensome:

- **Zero-config security**: Focus on building features while Encore Cloud automatically implements security best practices
- **Built-in secrets management**: Safely handle sensitive data using the built-in [secrets management system](/docs/ts/primitives/secrets)
- **Automated IAM management**: Encore Cloud automatically manages IAM policies based on the principle of least privilege

## Security features

When Encore Cloud deploys your application and infrastructure, it takes care of implementing security best practices:

- **Strong encryption**: All communication uses mutual TLSv1.3
- **Secure databases**: Database access is encrypted with certificate validation and strong security credentials
- **Cloud security**: Automatic provisioning with security best practices specific to each cloud provider
  - Learn more about [Google Cloud Platform (GCP)](/docs/platform/infrastructure/gcp)
  - Learn more about [Amazon Web Services (AWS)](/docs/platform/infrastructure/aws)
