Security and privacy
IndyKite is focused on helping our customers capture, connect, and control their data, and compliance underpins all three. We are committed to building our technology to the highest quality so we can deliver trusted solutions.
IndyKite’s Security and Privacy Team is responsible for developing and enforcing policies and controls, overseeing adherence to these standards, and demonstrating our security and compliance to external auditors.
Data protection
Encryption
Securing your data with state-of-the-art encryption
User requests to our systems are encrypted in transit using TLS, secured by certificates from a recognized third-party certificate authority. Data at rest is protected with strong encryption, such as 256-bit AES.
- End-to-end encryption for data in transit using TLS 1.2+
- Encryption of data at rest with strong encryption such as AES-256
- Secure key management practices to protect encryption keys
- Regular audits and updates to encryption protocols
- Encrypted backups to safeguard data against loss or breaches
- Compliance with industry standards and regulations for encryption
Access control and identity management
Only the right people, in the right places
We enforce strict access controls to ensure that only authorized personnel can access critical systems. We use multifactor authentication, least privilege principles, granular access controls and regular access reviews to ensure secure experiences for all our users.
- Multifactor authentication for user and administrator access
- Least Privilege Principles
- Access reviews to ensure ongoing security
- Fast de-provisioning of access for terminated users
Security standards
Committed to Industry-Leading Security and Compliance
SOC 2 Type I Certified
Our SOC 2 Type I certification demonstrates that our security controls are designed and implemented to protect your data. We follow rigorous processes to ensure that your sensitive information is handled securely.
Towards SOC 2 Type II
We are currently progressing towards SOC 2 Type II certification, which will validate the operational effectiveness of our security controls over an extended period. This reflects our ongoing commitment to maintaining a robust security program.
GDPR Compliance
As part of our dedication to protecting customer data, we comply with the General Data Protection Regulation (GDPR). This ensures that personal data is collected, processed, and stored responsibly and that we uphold the privacy rights of our users in the European Union.
Platform security
Detect and fix vulnerabilities before they become threats
We perform regular vulnerability scans to proactively identify and address security weaknesses. By continuously monitoring our systems, we stay ahead of potential risks to keep our infrastructure and data safe.
We value the security of our systems and take a proactive approach to address potential vulnerabilities. If you discover a security issue or vulnerability, we encourage you to report it responsibly. Our team will work diligently to address any issues and keep our systems secure. For more information on how to report security issues and our responsible disclosure process, please visit our Responsible Disclosure Policy.
- Regular vulnerability scans
- Real-time alerts for critical vulnerabilities
- Prioritized remediation based on risk level
- Swift patch management to resolve issues
Data privacy
Safeguarding your personal information with transparency and control
We are committed to protecting your personal data and ensuring its privacy by adhering to the highest standards of data protection. Our commitment to data protection ensures that your personal information is handled responsibly and in accordance with relevant privacy regulations (e.g., GDPR & CCPA).
We make contractual commitments to our customers to ensure compliance with applicable EU data protection laws, guaranteeing that:
- Processing is carried out only when there is a lawful basis as defined by our Privacy Policy.
- Data processing is limited to specific and disclosed purposes.
- Our systems are designed to process only the minimum data required to achieve the desired result.
- We conduct a comprehensive assessment before engaging any sub-processors and only select those who meet our data protection standards.
- We have implemented technical and organizational measures, aligned with industry best practices, to safeguard our customers' data as specified in our Data Processing Agreement (DPA).
- We securely dispose of data when it is no longer needed.
Learn more about our data protection practices in our Privacy Policy.
Have more questions or need a report?
We are here to help!
If you have any questions about our security practices, need further information, or would like to request access to a specific security report, please don’t hesitate to reach out to us. Our team is ready to assist you and provide the information you need.