Security and Privacy

We take the security of our systems seriously. The Infodeck team is committed to the continual improvement of the information security of the organisation. Our practices follow industry-set baselines and best practices.

Privacy Policy

Find our Privacy Policy for the individuals or the organisation. Understand how we handle your data and privacy rights when using Infodeck services.

Learn more

Responsible Disclosure

We value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users.

Learn more

Data Privacy Officer

We have an appointed Data Protection Officer to oversee the ongoing privacy and compliance efforts. Contact DPO at security@infodeck.io.

Learn more

Our Compliance

The Infodeck team is proud to be compliant with ISO 27001 and SOC 2 Type II certification. We take the security and privacy of our customers seriously, and our products exemplify that commitment. Our offerings are meticulously designed to empower organisations in safeguarding their data within a robust and secure cloud infrastructure, in accordance with GDPR regulations.

Arise Health logo

ISO 27001:2013

The Paak logo

SOC 2 Type II

The Paak logo


Cloud Platform

Data in transit

Data from users to our services are over a secure HTTP connection (HTTPS) and encrypted end-to-end using SHA256 ECDSA for signing and SHA256 RSA for compatibility.
We only allow HTTPS connections from visitors supporting TLS v1.2 and above. These protocols offer modern authenticated encryption (also known as AEAD) for added security.

Data at rest

We follow the recommended cryptographic functions stipulated by NIST in Special Publication 800-175B.
Data repositories that hold or manage sensitive commercial or personal information are encrypted at rest using AES-256. Full disk encryption is also mandatory for all employee laptops and workstations.

Data retention

We retain data for as long as necessary to fulfil the purposes for which we collected it. This also includes satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. You may use the data export function for the copy of your data, or request should be made before deletion of your account.

2-Factor Authentication (2FA)

2FA adds an additional layer of security when users login to our application. We use One-time passwords (OTP) as a second factor. Our OTPs are unique codes that are valid for a single login session for a defined period of time.

Role-based Access Control

Platform data can only be accessed by an assigned administrator with specific roles.
Administrator of Infodeck Cloud platform can assign invited users for the specific roles and collaborate in the management process.

Third-party Integrations

All integrations are accomplished using oAuth v2.0. Tokens or any customer-identifying information are not exposed within our applications nor shared with other parties. Each request is protected in transit through HTTPS.

Vulnerability Management

The recurring process of identifying, classifying, prioritising, mitigating, and remediating security vulnerabilities
Preventive maintenance

The most recent and critical security patches are installed on the system as soon as practical and reasonable. Immediate application of security patches is ideal unless this interferes with business requirements where a reasonable expectation of delay is justified. Regular preventive maintenance (security and/or system patches) is carried out.

Endpoint Security

Endpoint security is used to protect Infodeck systems when accessed via remote devices such as laptops. Each laptop with the ability to access Infodeck systems can be a potential entry point for security threats. All Infodeck staff endpoints are monitored and scanned for up-to-date endpoint reports.

Remediating Vulnerabilities

Remediation is the part of the process in which a reported vulnerability is fixed. The engineering staff is responsible for remediating any reported vulnerabilities. The remediation process is tracked in the vulnerability management system. SLAs are in place to help prioritise vulnerability based on severity.

Managing Facilities on The Deck Today

Ask us about plans, pricing, implementation, or anything else. Our knowledgeable colleagues are ready to help.

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy and Cookies Policy for more information.