Innovator's DNA

security overview

privacy policyterms & conditionssecurity overviewGDPR commitment
Effective: May 1, 2018

Innovator’s DNA (referred to as “iDNA”) respects its customers’ and users’ privacy and takes significant efforts to protect all data stored on its applications.

Overview

iDNA will not use information gathered from its customers in any way, except as described when customers agreed to provide it.

Incident Response Plan

  • iDNA has implemented a formal procedure for security events and has educated all of its staff on its policies.
  • When security events are detected they are escalated to iDNA’s emergency alias.
  • Should a security breach occur, iDNA will promptly notify the customer within 72 hours.

Build Process Automation

  • iDNA has functioning, frequently-used automation in place to safely and reliably rollout changes.
  • Urgent security issues can be patched quickly when required.

Hosting

  • Hosted by Amazon Web Services (AWS), a SOC3-certified cloud provider.
  • All services and data are hosted in AWS facilities in the US West (Oregon) zone.
  • All servers are within a virtual private cloud with network access control lists.

Data

  • All information exchanged is encrypted and sent using SSL/TLS.
  • Weekly backups of customer data are encrypted and stored securely.

Policies

  • iDNA has and enforces a security policy and security training for all personnel.
  • iDNA does not disclose customer data of any kind to 3rd party vendors.

PCI Obligations

  • iDNA is not subject to PCI obligations. All payment processing is outsourced to Stripe.

Application Security

  • iDNA stores encrypted (bcrypt) passwords and does not give anyone access to passwords.
  • There are no shared accounts.

Information Security Policy

  • Remote access to servers is through a secure shell connection.
  • Access to remote servers is limited to authorized engineers.