Find our Privacy Policy for individuals or organisations. Understand how we handle your data and privacy rights when using Infodeck services.
We value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.
We have an appointed Data Protection Officer to oversee the ongoing privacy and compliance efforts. Contact the DPO at security@infodeck.io.
The Infodeck team is proud to be compliant with ISO 27001 and SOC 2 Type II certification. We take the security and privacy of our customers seriously, and our products exemplify that commitment. Our offerings are meticulously designed to empower organisations in safeguarding their data within a robust and secure cloud infrastructure, in accordance with GDPR regulations.
Data sent from users to our services travels over a secure HTTP connection (HTTPS) and is encrypted end-to-end using SHA256 ECDSA for signing and SHA256 RSA for compatibility.
We only allow HTTPS connections from visitors supporting TLS v1.2 and above. These protocols offer modern authenticated encryption (also known as AEAD) for added security.
We follow the recommended cryptographic functions stipulated by NIST in Special Publication 800-175B.
Data repositories that hold or manage sensitive commercial or personal information are encrypted at rest using AES-256. Full disk encryption is also mandatory for all employee laptops and workstations.
We retain data for as long as necessary to fulfil the purposes for which we collected it. This also includes satisfying any legal, accounting, or reporting requirements, establishing or defending legal claims, and fraud prevention. You may use the data export function to obtain a copy of your data, or submit a request for one before your account is deleted.
2FA adds an additional layer of security when users log in to our application. We use one-time passwords (OTP) as a second factor. Our OTPs are unique codes that are valid for a single login session for a defined period of time.
Platform data can only be accessed by an assigned administrator with specific roles.
An administrator of the Infodeck Cloud platform can assign invited users to specific roles and collaborate in the management process.
All integrations are accomplished using OAuth v2.0. Tokens and customer-identifying information are neither exposed within our applications nor shared with other parties. Each request is protected in transit through HTTPS.
The most recent and critical security patches are installed on the system as soon as practical and reasonable. Immediate application of security patches is ideal unless this interferes with business requirements where a reasonable expectation of delay is justified. Regular preventive maintenance (security and/or system patches) is carried out.
Endpoint security is used to protect Infodeck systems when accessed via remote devices such as laptops. Each laptop with the ability to access Infodeck systems can be a potential entry point for security threats. All Infodeck staff endpoints are monitored and scanned for up-to-date endpoint reports.
Remediation is the part of the process in which a reported vulnerability is fixed. The engineering staff is responsible for remediating any reported vulnerabilities. The remediation process is tracked in the vulnerability management system. SLAs are in place to help prioritise vulnerabilities based on severity.