Security and privacy

IndyKite is focused on supporting our customers to capture, connect, and control their data, and compliance underpins all three. We are committed to building our technology to the highest quality so we can deliver trusted solutions.

IndyKite’s Security and Privacy Team is responsible for developing and enforcing policies and controls, overseeing adherence to these standards, and demonstrating our security and compliance to external auditors.

Data protection

Encryption

Securing your data with state-of-the-art encryption

User requests to our systems are encrypted in transit using TLS, secured by certificates from a recognized third-party certificate authority. For data at rest, we ensure protection with strong encryption protocols, such as AES 256-bit.

  • End-to-end encryption for data in transit using TLS 1.2+
  • Encryption of data at rest with strong encryption such as AES-256
  • Secure key management practices to protect encryption keys
  • Regular audits and updates to encryption protocols
  • Encrypted backups to safeguard data against loss or breaches
  • Compliance with industry standards and regulations for encryption

Access control and identity management

Only the right people, in the right places

We enforce strict access controls to ensure that only authorized personnel can access critical systems. We use multifactor authentication, least privilege principles, granular access controls and regular access reviews to ensure secure experiences for all our users.

  • Multifactor authentication for user and administrator access
  • Least privilege principles
  • Access reviews to ensure ongoing security
  • Fast de-provisioning of access for terminated users

Security standards

Committed to Industry-Leading Security and Compliance

SOC 2 Type I Certified

Our SOC 2 Type 1 certification demonstrates that our security controls are designed and implemented to protect your data. We follow rigorous processes to ensure that your sensitive information is handled securely.

Towards SOC 2 Type II

We are currently progressing towards SOC 2 Type 2 certification, which will validate the operational effectiveness of our security controls over an extended period. This reflects our ongoing commitment to maintaining a robust security program.

GDPR Compliance

As part of our dedication to protecting customer data, we comply with the General Data Protection Regulation (GDPR). This ensures that personal data is collected, processed, and stored responsibly and that we uphold the privacy rights of our users in the European Union.

Platform security

Detect and fix vulnerabilities before they become threats

We perform regular vulnerability scans to proactively identify and address security weaknesses. By continuously monitoring our systems, we stay ahead of potential risks to keep our infrastructure and data safe.

We value the security of our systems and take a proactive approach to address potential vulnerabilities. If you discover a security issue or vulnerability, we encourage you to report it responsibly. Our team will work diligently to address any issues and keep our systems secure. For more information on how to report security issues and our responsible disclosure process, please visit our Responsible Disclosure Policy.

  • Regular vulnerability scans
  • Real-time alerts for critical vulnerabilities
  • Prioritized remediation based on risk level
  • Swift patch management to resolve issues

Data privacy

Safeguarding your personal information with transparency and control

We are committed to protecting your personal data and ensuring its privacy by adhering to the highest standards of data protection. Our commitment to data protection ensures that your personal information is handled responsibly and in accordance with relevant privacy regulations (e.g., GDPR and CCPA).

We make contractual commitments to our customers to ensure compliance with applicable EU data protection laws, guaranteeing that:

  • Processing is carried out only when there is a lawful basis as defined by our Privacy Policy
  • Data processing is limited to specific and disclosed purposes
  • Our systems are designed to process the minimum data required to achieve the desired result
  • We conduct a comprehensive assessment before engaging any sub-processors and only select those who meet our data protection standards
  • We have implemented technical and organizational measures, aligned with industry best practices, to safeguard our customers' data as specified in our Data Processing Agreement (DPA)
  • We securely dispose of data when it is no longer needed

Learn more about our data protection practices in our Privacy Policy.

Identity data management

Learn about Authorization: This process defines and enforces what resources users can access or actions they can perform, based on predefined permissions linked to their roles or attributes, ensuring secure and efficient operations.

Have more questions or need a report?

We are here to help!

If you have any questions about our security practices, need further information, or would like to request access to a specific security report, please don’t hesitate to reach out to us. Our team is ready to assist you and provide the information you need.