Security & Privacy
We take the security of our systems seriously. The Infodeck team is committed to the continual improvement of information security. Our practices follow industry-set baselines and best practices.
ISO 27001:2022
Information Security Management
SOC 2 Type II
Service Organization Controls
GDPR Compliant
EU Data Protection Regulation
Cloud Platform Security
Our offerings are meticulously designed to empower organisations in safeguarding their data within a robust and secure cloud infrastructure.
Data in Transit
Uses HTTPS with TLS v1.2+ minimum. Encryption employs SHA256 ECDSA for signing and SHA256 RSA for compatibility.
Data at Rest
Implements AES-256 encryption for sensitive data repositories following NIST Special Publication 800-175B standards. Full disk encryption required for all employee devices.
2-Factor Authentication
One-time passwords (OTP) provide secondary login security with time-limited validity. Organisation-wide 2FA enforcement available on all plans.
Role-Based Access Control
Platform data is accessible only to administrators who have been assigned specific roles. Multi-location RBAC available on Professional and Enterprise plans.
Vulnerability Management
Preventive Maintenance
Critical security patches installed promptly. Regular preventive maintenance conducted without disrupting business operations.
Endpoint Security
All staff laptops accessing Infodeck systems undergo continuous monitoring and vulnerability scanning.
Remediation Process
Engineering teams address reported vulnerabilities tracked through management systems with severity-based SLAs for prioritization.
Responsible Disclosure
We value input from security researchers and believe disclosing vulnerabilities helps protect user data and privacy.
Report security vulnerabilities to:
security@infodeck.io
Data Protection Officer
An appointed Data Protection Officer oversees privacy and compliance activities.
Data Retention & Portability
Data Retention
Information retained as long as necessary for stated purposes, legal compliance, and fraud prevention. Users can request deletion before account removal.
Data Portability
Export your data anytime in CSV, JSON, or XML formats. Your data belongs to you — we earn your business through value, not by holding your data hostage.
Third-Party Integrations
All integrations use OAuth v2.0. Tokens and customer information remain protected and unexposed.
Have Security Questions?
Our team is happy to discuss our security practices in detail.