Introduction
At Insly, we prioritize privacy and security by adhering to the latest standards and compliance measures across infrastructure, processes, and product design.
Data Privacy
Insly safeguards user privacy by strictly following applicable privacy laws. Insly is the data ‘controller’ of any information provided, ensuring it remains secure and confidential.
Data Minimization and Anonymization
Only essential data is extracted to provide requested services, and any unnecessary Personally Identifiable Information (PII) is anonymized or discarded. Insly prioritizes privacy by limiting data collection to the minimum required for service delivery.
Data Security Practices
To meet the highest standards in data security, Insly upholds the following principles:
- Strict data silos between tenants.
- SOC 2 Type II certified identification and authentication layer.
- Role-Based Access Control (RBAC) to enforce least privilege access across all roles.
- Fully GDPR-compliant data processing and sub-processor practices.
- Agreements with AI providers to meet enterprise-grade privacy standards.
Database-Level Data Security
- Robust organization-based tenancy model keeps each client’s data isolated and secure.
- Advanced database security with connection-level access control maintains strict data silos across testing and production accounts.
- AES-256 encryption over TLS 1.3 for all network traffic ensures data confidentiality and protection.
Access Control
- Dynamic Role-Based Access Control (RBAC) adjusts to meet organizational requirements, offering multi-level permissions.
- Quarterly access audits and ad-hoc access reviews ensure adherence to the least privilege principle.
- SOC 2 Type II certified authentication for secure access.
Purpose Limitation and Restricted Retention
Data collected is used solely for contracted purposes.
Transparency in Data Use
Insly may use aggregated and anonymized data from extracted content to improve AI models or enhance service functionality. However, no individual data points are identifiable, maintaining complete confidentiality.
Data Processing and File Handling Agreements with LLM-Related Service Providers
- Strict data handling agreements with LLM-related service providers, mandating data deletion post-processing.
- Regular assessments of tools, including offerings by Anthropic, OpenAI, and MS Azure, for compliance with privacy regulations.
- Customizable document retention period, with AES-256 encryption securing all files at rest.
Monitoring and Incident Response
- Real-time monitoring with expedited response mechanisms for critical incidents.
- Regular training equips employees to handle sensitive data and recognize security risks.
- Incident response includes detection, containment, eradication, and recovery steps to mitigate any security incident.
- Incident response transparency: Clients are notified promptly of any data breach, including mitigation steps and timelines.
Sub-Processor Transparency and Accountability
For transparency, Insly provides a list of all third-party sub-processors used in data processing upon request. Each processor follows strict security protocols to ensure data protection compliance.
User Rights and Data Requests
Users have the right to access, correct, or delete their data. Requests can be submitted through Insly’s contact channels, with responses within 30 days, subject to verification requirements.
Compliance Certifications and Continuous Monitoring
Insly performs regular audits and penetration tests as part of ongoing security monitoring to maintain high security standards. Automated tools and processes for compliance verification are in place.
Client-Specific Data Protection Options
Insly offers enhanced data protection measures upon request, including additional encryption and custom data deletion options for clients with specific regulatory needs.
Contact Us
For detailed information or to report a security concern, contact us at: info@insly.com