Security and privacy are at the heart of everything we do.
We are transparent about the specific policies, operational practices, and technologies that help you ensure the security, compliance, and privacy of your data across Inteliam services.
We take a “secure by design” approach to protect our customers' data. This means that we incorporate security and data protection principles into every stage of our product development lifecycle, from initial design through deployment and ongoing maintenance. We conduct regular security assessments, and perform rigorous testing to identify and address vulnerabilities before they can be exploited. Our engineers are trained in secure coding practices, and we follow strict security protocols for every aspect of our product development process.
By taking this approach, we ensure that our products are built to the highest standards of security and data protection, giving our customers the peace of mind they need to trust us with their sensitive information.
We ensure Customer data is protected by limiting internal access and preventing unauthorised access by implementing security measures. Access to data will be granted to employees and contractors based on the principle of least privilege, which means that users will be granted access only to the data necessary to perform their job duties. Access controls are implemented to ensure that only authorised users have access to the data.
We never transmit date over the wire unless it's encrypted. All data is encrypted at rest.
We engage third-party auditors, to conduct regular audits of our security systems and processes such as black and grey box penetration testing. These audits help us identify potential vulnerabilities and improve our security posture. As such, Penetration results are compiled in reports and action plans that feed the development backlog for security enhancements are identified. We only engage auditors who have the necessary certifications and qualifications to perform these audits.
we believe that our employees are our first line of defense against cyber threats. That's why we provide regular training and awareness programs to ensure that our employees are up-to-date on the latest security threats and best practices. Our training covers topics such as phishing scams, email security, password management, two-factor authentication, device encryption, and secure data handling. We also conduct regular simulations to test our employees' ability to identify and respond to potential threats. In addition, we require all employees to complete mandatory security awareness training upon joining the company, and we provide ongoing training to ensure that everyone is aware of the latest threats and how to protect against them. By keeping our employees informed and prepared, we can help to minimize the risk of cyber attacks and protect our customers' data.
We use Microsoft Azure as an infrastructure provider.
We use dedicated MongoDB clusters on Azure Cloud for the database layer of our cloud service.
We use Google for email, office and business applications.
Datadog is used for infrastructure monitoring, analytics, and alerting. We process log files which could include IPs and potentially query parameters.
We use Sentry to detect errors that occurred in production that we couldn't detect otherwise.
MailJet is our primary partner for sending marketing and notification emails.