As a data company, we understand and stress the importance of complying with the global privacy protocol. As such, data privacy and security are things that we take very seriously at InnerTrends.
Our goal is to provide a secure environment, while also keeping our application’s performance at the highest quality to provide you with the best overall user experience.
Security is the responsibility of all InnerTrends employees, and we take measures to ensure that access to our systems and your data is restricted only to those who need access in order to provide you with awesome support.
- Our IT team is in charge of the operational aspects of our business and ensures information security.
- All backend machines that run our infrastructure are kept up to date and patched. All software installation is strictly controlled. Access to these machines is restricted to members of the IT & backend server team.
- Our organization's Development, Test, and Production systems are separated.
We also have strict requirements for all employees, including but not limited to:
- All staff machines must comply with our Confidentiality Policy, which includes a requirement to "take all reasonable measures to protect the security and prevent the unauthorized access or disclosure of all confidential information".
- The majority of our staff are fully remote and adhere to specific requirements such as: encryption of storage media, using two-factor authentication (2FA), requiring strong passwords, and specific recommendations such as configuring computers and phones to lock after a certain period. Additionally, all communication is done through securely encrypted channels using modern, strong encryption.
- A thorough employee termination & access removal process is in place.
- All communication between users and the InnerTrends application is over secure, encrypted channels with 256-bit TLS encryption, and any requests to retrieve or alter data must be authenticated.
- InnerTrends enforces a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt).
- Periodic audits are run by our manager to review compliance with security policies and procedures. If violations are found, corrective actions are taken immediately.
- We also contract a third party for regular server penetration tests and testing for vulnerabilities inside the application.
Data Center Security
- InnerTrends is compliant with the EU General Data Protection Regulation (GDPR) (http://www.eugdpr.org/).
- Our data centers manage physical security 24/7. InnerTrends services and data are hosted on Google Cloud, in the USA (https://cloud.google.com/security/).
- Our servers are located in the US, and access to them is restricted to infrastructure engineers and maintenance staff. Each employee is given access through a unique key that can be revoked, if needed.
Customer Data Security
- InnerTrends stores customer raw data on BigQuery, a managed big data service from Google Cloud.
- Processed data is stored on MongoDB, hosted on Google Cloud servers.
- The buffer systems that are used to move data are emptied automatically on a daily basis.
- All data stored on Google Cloud is automatically encrypted at rest and distributed for availability and reliability.
- InnerTrends applies a second layer of asymmetric encryption on any information used to identify a person, such as email addresses, phone numbers, and IDs.
If you think you may have found a security vulnerability, please get in touch with our security team at firstname.lastname@example.org.