Encryption at rest
Insider provides access to web pages requiring username and password input over HTTPS protocol with SSL Certificates, ensuring that such login credentials are encrypted. The company employs industry-standard encryption technologies to secure all communication channels, safeguarding all end-user interactions with Insider through encrypted communication. Insider employs Transport Layer Security (TLS) to maintain the latest updates and configurations to ensure secure communications. Additionally, Insider employs the widely accepted AES-256 encryption algorithm to encrypt data on its servers while at rest. These measures reflect Insider's commitment to ensuring secure communications and data protection in accordance with the industry's best practices and customers’ expectations.
Internal Access to Data
Your visitor and account data stored on Insider's servers are protected. They cannot be accessed by employees or contractors unless required for a specific job function (e.g., providing customer support). In such cases, employees must use strong passwords and two-factor authentication to access Insider's servers.
Job Controls
In addition to strict rules and regulations for accessing data on our servers, Insider employees are required to complete security awareness training once a year and sign confidentiality agreements before they are allowed to access our servers. Once a year, all of our engineers must participate in secure code training covering the Open Web Application Security Project (OWASP) top 10 security flaws, common attack cases, and Insider's security controls.
Data Segregation
Insider provides each customer with a unique code snippet (JavaScript client), which separates the customer’s data from that of other customers.
Every customer's data is solely used for that customer and only accessed to provide support to that customer. Insider never shares or sells customer data to third parties. Our policy around data protection is clearly outlined in the Service Agreement and Data Protection Agreement (DPA).
Disaster Recovery and Failover
Insider was built with disaster recovery in mind. We use Amazon Web Services (AWS), a well-known cloud service provider. To mitigate service interruption risks in case of a disaster, we replicate sensitive data and keep it in multiple data centers. Our infrastructure and data are stored across three AWS availability zones. In case of a disaster or failure, services will not be interrupted.
We perform daily, weekly, and monthly data backups. For highly sensitive data, we run hourly backups. Headquartered in Singapore, we have multiple offices worldwide, providing localized services and support to ensure business continuity in case of a disaster.