Insteract takes the security and privacy of the data entrusted to us very seriously. We are constantly monitoring and improving Insteract to meet the growing challenges of modern computing. Every person using our service expects their data to be secure and confidential, and we have gone to extensive measures to ensure it remains so. As a rule we don't like to expose too much information about our security practices; however we understand that security is very important to our customers, so we decided to share the following information. We hope you find it useful.
Discovered a security issue?
If you believe you've discovered a bug or vulnerability that presents a security issue, please don't hesitate to get in touch with our security team directly by emailing firstname.lastname@example.org.
How We Protect Our Customers
We use the best technology available to keep your information safe. From login to logout, we encrypt our customers’ data with the highest standards available.
State-of-the-art encryption technology
Your data is transferred with high-grade TLS and multi-layered encryption at rest with AES-128 – the industry-standard for commercial applications. Encryption keys are stored separately from the data, and it’s all hosted in Amazon AWS and can only be accessed from our production VPN. All requests to our production servers pass through several management layers before reaching them.
Insteract does not store any credit card information. We have partnered with CCAvenue for credit card processing. They power online transactions for thousands of business and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.
Data center security
Our hosting environment is fully-redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for its data centers, including ISO 27001 compliance, PCI certification, and SOC.
Access to sensitive data requires two-factor authentication and is restricted only to authorized personnel performing specific tasks for the client
Our data is stored in a well protected production environment where only authorized employees can access data on as-needed basis. We keep only necessary customer data that is required to conduct business transactions. Our data storage is not accessible from public internet and is only retained for the duration of relevant contract with the customer. All archived data is strongly encrypted and customer data is deleted by technical means, sufficient to render this data irretrievable by ordinary commercially available ways.
Real-time audit log
We also keep a real-time audit log of all data access and changes made by administrators, customers, employees and our automated system.
Contact our Data Protection Officer by emailing email@example.com.