Security

Data Processing & Security

Frequently Asked Questions on Data Security

Two badges with the word "CERTIFIED" at the bottom. Each badge has a banner across the top with "SOC 2" and the words "Type 1" and "Type 2" in the banners respectively, the left banner in yellow-green gradient and the right in blue-purple gradient.

Below are a list of frequently asked questions, and information of the handling of data at Intropic, and the information security measures in place throughout our platform.‍‍

  • Information Security Programme

    Intropic maintains a formal Information Security Programme aligned with the SOC 2 framework. This framework, developed by the American Institute of Certified Public Accountants (AICPA), provides industry-recognised standards for managing customer data securely. Our programme is communicated across the company and embedded in day-to-day operations.

    Independent Assessments

    We undergo regular third-party audits to validate the effectiveness of our security and compliance controls.

    Penetration Testing

    We conduct independent third-party penetration tests at least annually to ensure our security posture remains resilient and uncompromised.

    Roles and Responsibilities

    Security roles and responsibilities are clearly defined and documented. All team members are required to review and acknowledge our internal security policies.

    Security Awareness

    All employees complete security awareness training covering key topics such as phishing prevention, password management, and secure data handling practices.

    Confidentiality

    All team members sign a confidentiality agreement before joining, aligning with industry best practices.

    Background Checks

    We carry out background checks on all new hires in accordance with local regulations and employment laws.

    Cloud Infrastructure

    Our services are hosted on Amazon Web Services (AWS) and Microsoft Azure, both of which maintain robust security programmes and industry certifications. More details can be found on the AWS Security and Azure Security pages.

    Data Hosting

    All data is hosted within the European Union using AWS infrastructure. Refer to our cloud providers for further technical specifications and compliance documentation.

    Contact Us

    For any questions, concerns, or to report a security issue, please contact: security@intropic.io

  • GDPR & Data Privacy

    Yes. Our platform is fully compliant with the General Data Protection Regulation (GDPR).

    All data processed by Intropic is stored within the European Union. Specifically:

    • Data is hosted on Amazon Web Services (AWS) servers located in Ireland.

    • Where applicable, data may also be stored in Google Cloud Platform (GCP) services located in Belgium.

    Intropic does not transfer data for storage outside of the EU.

    We use cookies and analytics to understand product usage and improve platform performance. For full details on how we handle data, including cookies, please refer to our Data Privacy Statement.

    By accepting our Terms of Service, you confirm that you will not submit third-party personally identifiable information to Intropic unless a valid GDPR-compliant Data Sharing Agreement is in place.

  • If you believe you’ve discovered a security vulnerability, please review our Vulnerability Disclosure Policy for guidance on responsible reporting, expectations for researchers, and how we handle submissions.

    To report a vulnerability, contact us at security@intropic.io.

Continuously monitoring our overall security posture.

Documentation of our compliance against global standards including certifications, attestations, and audit reports, can all be found here.