Data & Security Policy
At Intrro, we are constantly working on maintaining and continually improving our information security management system (ISMS), with an emphasis on five areas: security, availability, confidentiality, processing integrity, and privacy.
Intrro is currently engaged with Laika, Inc, a security & compliance platform, to perform an AICPA System and Organization Control 2 (SOC 2), Type I audit for the Security Trust Services Criteria.
The documents below explain the policies, procedures, management practices, and required controls that we have implemented:
- Business Continuity and Disaster Recovery Plan
- Compliance and Risk Management Policy
- Configuration and Change Management Policy
- Data Protection and Handling Policy
- Hiring Policy
- Incident Response Policy
- Information Security Policy
- Privacy Policy
- Example Data Processing Agreement
Intrro acknowledges: (i) that the Customer acts as Data Controller and Intrro acts as Data Processor in relation to the Personal Data and will use and process the Personal Data solely on the Customer’s instructions, for the purposes of providing the Service, and in accordance with these Terms of Service, any applicable Data Processing Agreement or otherwise in accordance with the Customer’s express instructions; (ii) it shall ensure the appropriate security of the Personal Data including against unauthorized or unlawful processing and against accidental loss, destruction or damage; and (iii) [it shall not without the Customer’s express permission transfer Personal Data relating to data subjects based within the UK and/or EEA outside of the EEA and the UK, it is acknowledged that Personal Data in respect of persons resident outside of the UK and EEA may be processed elsewhere].
Data Storage
Intrro services run on Amazon Web Services (AWS), which is physically secure, employs modern software security techniques, and requires multi-factor authentication for access. The AWS clouds meet several global security standards such as ISO 27001 and SOC.
Intrro never stores the raw file of imported data containing LinkedIn data and processes all contact information in memory. Intrro’s data is stored securely in a relational database on the Amazon Elastic Cloud. All connections to and from the server are encrypted all the way through. Any private keys used for encryption are encrypted themselves, when stored, on local computers only. Two-factor authentication is used on every hosting provider Intrro uses.
Physical Security
Intrro does not store any data on-premises. We use AWS for all data storage and processing, which complies with stringent security requirements.
GDPR
We follow GDPR principles, including explicit consent, purpose limitation, security, the right to be forgotten, and more. You can read our new Privacy Policy to learn more about how we use and safeguard privacy and data.
Continuous Vulnerability Management
We use a third-party service to ensure that all of our dependencies are up to date and patched if a patch is available. When new known vulnerabilities are found, we are immediately notified of a recommended action to take. Critical vulnerabilities are typically patched the same day and non-critical ones within 2 weeks.
Recovery
Intrro uses database replication and periodic snapshots to avoid data loss. In case of data loss, we can use replicas to quickly recover to a known previous state.
Access Control & Encryption
Our employees know how to handle your data: we enforce multi-factor authentication for all internal systems and third-party services where it is supported, and an internal data access policy is required learning for new employees. No data on Intrro is ever transmitted over an unsecured connection, even between internal microservices.