indema’s back platform (Where you work) is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and privacy features built in. Our team takes additional proactive measures to ensure a secure infrastructure environment. For additional, more specific details regarding AWS security, please refer tohttps://aws.amazon.com/security/.
indema’s front website is hosted on Endurance International Group (EIG) web servers on a Virtual Private Server (VPS) with a dedicated IP address.
Protecting Your Data
Protecting your data is of paramount importance and a constant focus here at Indema.
- Data is backed up daily and in some cases, more frequently than that.
- All access to the Indema website’s is restricted to HTTPS encrypted connections.
- All data retrieval (and posting) to connected social accounts is done via HTTPS and using a unique, per user, an access token (which you can revoke at any time).
- We never store credit card or payment details in our database. This is strictly stored and managed by Stripe to ensure maximum security. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available.
- User passwords are encrypted. Passwords are never stored in plain text. Even our engineering team have no way to know what the password is.
- Our internal passwords are changed on a monthly basis and are long-key passwords which include letters, numbers, and symbols.
Access to infrastructure and other aspects of the Indema environment, as well as customer data, is strictly limited to those within our team that absolutely need it. Employees can not access your account from our back end at all, and all support is completed with the help of the user.
- Only our Engineering team has access to our production environment. SSH keys are required for console access to servers in all of our environments and are changed on a weekly basis.
- Whilst we will often use aggregated snapshots of customer data to help us understand and identify performance, financial and business insights, we will only access individual customer records if it is necessary to do so in order to carry out a customer support request or a significant systems issue.How to Report a Security Incident: To report an incident of suspected abuse, misuse, or a security issue you have discovered you should contact support@Indema.co immediately. For incidents that affect a single account, please reach out to us via our usual support channels.
- Indema will acknowledge your report, usually within 1 business day.
- A point of contact will be assigned. This person will be responsible for keeping track of the issue, as well as keeping you updated. Please note that this person may need to liaise with you to better understand the reported issue and the circumstances around it.
- We will investigate the issue and determine the impact.
- In most cases, for security reasons it is likely that we will be unable to disclose details of the issue until our investigation has been completed.
- Once the issue has been resolved, we will post an update along with thanks and credit for the discovery.
Please contact us at Support@Indema.co with any questions or concerns.