Insider One Trust Center

The Insider Trust Center is your central hub for everything related to security, compliance, and privacy at Insider. It consolidates our certifications, privacy frameworks, security controls, and partner panel settings into a single, easy-to-access location. Our goal is to give you complete transparency into how we protect your data and demonstrate our ongoing commitment to maintaining the highest security and compliance standards.

1. Security Compliance

Insider follows industry-standard security and data protection practices and undergoes regular independent assessments. On this page, we share the security certifications and audit reports that are available to you upon request.

SOC 2 Type II

SOC 2 Type II (Service Organization Control 2, Type II) is an independent audit framework developed by the American Institute of Certified Public Accountants (AICPA). It evaluates how a company manages customer data based on five Trust Service Criteria — Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Our SOC 2 Type II report demonstrates that our security controls are not only designed effectively but also operated effectively over time. This provides our business partners with independent assurance that we maintain strong, consistent safeguards for protecting their data.

Requesting the SOC 2 Type II report

Before submitting your request, please ensure that a mutual NDA between your company and Insider is already in place.

To request access to Insider’s SOC 2 Type II report, send an email to solution-consulting@useinsider.com.

Please include the following details in your email:

  • Your full name

  • Your company name

  • The purpose of your request (for example: vendor security review, internal audit, procurement process)

Our team will review your request and share the report if it meets our sharing criteria.

ISO/IEC 27001:2022

ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It provides a systematic framework for managing sensitive company and customer information, ensuring it remains secure through a combination of risk management, continuous improvement, and governance controls.

Our ISO 27001 certification confirms that we adhere to globally recognized best practices for protecting the confidentiality, integrity, and availability of information across our SaaS infrastructure, operations, and product development lifecycle.

Refer to our ISO 27001:2022 Information Security Management System Certificate.

2. Data Privacy

This section outlines Insider’s commitment to protecting personal data and maintaining compliance with global privacy regulations. It also provides details on our privacy certifications, agreements, and compliance documentation.

Insider acts as a data processor, handling the personal data you share through our platform in accordance with your instructions and the terms of our service agreement. You remain the data controller, maintaining ownership and responsibility for the data you process using Insider’s services.

Within this framework, Insider enables you to manage and process personal data securely, efficiently, and in full compliance with applicable privacy laws through our digital marketing technologies and tools.

GDPR Compliance and ePrivacy Seal

The ePrivacy Seal is a data compliance certification issued by the independent organization ePrivacy GmbH. It verifies the compliance of companies and software products with the GDPR and European data protection standards through a comprehensive assessment of data processing activities, technical and organizational measures, and privacy policies.

The ePrivacy Seal is granted for a period of three years. At the end of each term, the documentation and the technical and organisational measures are reviewed to ensure continued compliance with the regulations.

Insider has continuously held the ePrivacy Seal since 2020.

HIPAA Compliance

Insider takes the privacy and security of sensitive information seriously and complies with the Health Insurance Portability and Accountability Act (HIPAA).

Our administrative, physical, and technical safeguards include established policies and procedures, ongoing employee training, secure hosting in AWS data centers with restricted access, state-of-the-art encryption, and continuously updated security measures. To further ensure the protection of Protected Health Information (PHI), Insider offers a Business Associate Agreement (BAA) upon request, setting out responsibilities, safeguards, and procedures for handling PHI.

Refer to Insider's HIPAA Compliance, or get in touch with privacy@useinsider.com to learn more.

Insider’s Data Processing Agreements

Insider provides region-specific Data Processing Agreements (DPAs) to help you meet global privacy and data protection requirements. You can review the relevant agreement for your region in the list below.

Sub-Processors

Insider might utilize various sub-processors. The specific sub-processors engaged will depend on the product you use and your geographic location.

To view the full list of sub-processors, refer to Insider’s Sub-Processors.

Insider utilizes AWS data centers across various regions to store its data. For example, the end-user data of our partners in the EU is stored on servers within the EU, while the end-user data of our partners in Australia is stored on servers located in Australia.

For details on Insider’s data storage regions and server locations, refer to the Sub-Processors list.

Data Categories

You control what types of personal data are submitted to Insider Services. The scope and extent of this data are fully determined by your organization. This may include personal data related to your end users.

You can choose to submit various categories of personal data to the Services, including but not limited to:

  • End-user (website and app visitor) transaction information (e.g., order or request details)

  • Marketing information collected through Insider JavaScript or cookie-based technologies

  • Clickstream data

  • Duration of visits to websites or advertisements

  • IP address

In addition, although these are not typically processed as part of the standard Insider Services, Insider may process other data categories if you choose to enable specific features. These additional categories are determined by your configuration and the data inputs you provide.

MindBehind Chatbot

MindBehind offers NLP and LLM-powered communication solutions, enabling you to connect with your end-users across various messaging platforms. In this context, Insider processes the personal data contained in messaging content to provide the MindBehind product. Insider, through contractual safeguards, ensures that such data will neither be retained nor used for AI training or any other purpose beyond the provision of the MindBehind Services.

3. Security Management

In today’s digital landscape, organizations increasingly rely on third-party vendors to deliver critical services. As a result, evaluating the security posture of those vendors has become an essential part of every company’s risk management process.

We understand that you need transparency and assurance when partnering with us. This Security Management section has been created to help you and your security teams conduct vendor security assessments efficiently.

Here, you will find detailed information about our security controls, certifications, policies, and operational practices that demonstrate how we protect your data across our cloud infrastructure and SaaS environment.

Our goal is to make your vendor review process easier by providing clear, verifiable evidence of how we maintain the confidentiality, integrity, and availability of your information, aligned with leading frameworks such as SOC 2 Type II and ISO 27001.

Cloud Security Alliance (CSA) – CAIQ

The Consensus Assessment Initiative Questionnaire (CAIQ), developed by the Cloud Security Alliance, provides a set of industry-accepted questions for assessing the security capabilities of cloud providers. It helps organizations evaluate the risk associated with cloud services in a standardized manner.

You can access Insider’s CAIQ to review our responses to the Cloud Security Alliance’s standardized security questionnaire and learn more about our cloud security practices.

Insider Security Controls

At Insider, security is embedded in every layer of our operations, from infrastructure and code to people and processes. Our Security Controls framework is designed to systematically identify, assess, and mitigate risks across the organization.

These controls serve our partners by ensuring that their data is protected with industry-leading standards, that our systems remain resilient, and that we operate in full compliance with applicable regulations and best practices.

The following controls form the foundation of Insider’s security management system. Each represents a key pillar in maintaining trust, transparency, and operational excellence across our platform.

Enterprise Risk Management Program

Insider maintains a structured program to identify, assess, and manage organizational risks across business, operational, and security domains. This enables proactive risk mitigation and informed decision-making at every level.

Change Management

All system and application changes follow a controlled process involving review, approval, and testing to ensure stability, minimize risk, and maintain continuous service integrity.

Secure Software Development Life Cycle (SSDLC)

Security is integrated into every phase of our software development process, from design and coding to testing and deployment, ensuring that vulnerabilities are prevented or detected early.

Technical Vulnerability Management

Insider conducts regular vulnerability assessments and applies timely patches and mitigations to reduce exposure to known threats and maintain a strong security posture.

Quality Assurance

Dedicated QA processes and automated testing help ensure that all releases meet strict quality, performance, and security standards before deployment.

Endpoint Security

All company endpoints (laptops, mobile devices, servers) are secured with encryption, EDR (Endpoint Detection and Response), and compliance monitoring to prevent unauthorized access and data loss.

Identity & Access Management (IAM)

Access to systems and data is controlled using strong authentication, least privilege principles, and periodic access reviews to ensure only authorized personnel can reach sensitive information.

Zero Trust Network Access (ZTNA)

Insider operates under a Zero Trust model, verifying every connection and user, regardless of location or network, to ensure secure and context-based access to internal systems.

Monitoring

Continuous monitoring of infrastructure, applications, and network activity enables us to detect, investigate, and respond to anomalies or potential security threats in real time.

Incident Management

A well-defined incident response process ensures rapid identification, containment, and remediation of security incidents, minimizing potential impact and ensuring transparency with stakeholders.

Business Continuity & Disaster Recovery (BC/DR)

Comprehensive BC/DR plans enable Insider to maintain service availability and quickly recover from disruptions, ensuring operational resilience and customer confidence.

Backup

Critical data is backed up securely and regularly, following defined retention policies and encryption standards, ensuring data integrity and recoverability in case of loss.

Vendor Management Program

Insider assesses and monitors third-party vendors for security and compliance risks throughout the vendor lifecycle, ensuring they meet Insider’s standards for data protection and reliability.

Penetration Test Executive Summaries

Insider conducts regular third-party penetration tests to identify and address potential vulnerabilities before they can impact our business partners.

To maintain confidentiality, full reports are not publicly shared. However, you can request access to the executive summaries of the last three tests.

Requesting Penetration Test Executive Summaries

To request access to Insider’s latest penetration test executive summaries, send an email to solution-consulting@useinsider.com.

Please include the following details in your email:

  • Your full name

  • Your company name

  • The purpose of your request (for example: vendor security review, internal audit, procurement process)

Our team will review your request and, if eligible, share the executive summaries of the last three penetration tests.

4. Panel Security

The Panel Security section highlights how Insider protects partner accounts and user activities within the Insider platform. It covers the security architecture, default configurations, and customizable controls that safeguard partner environments and user data.

Through a combination of strong authentication, access control, encryption, and monitoring, Insider ensures that all operations within the panel are protected against unauthorized access and malicious activity.

This gives you confidence that your teams can securely manage campaigns, customer data, and integrations, with Insider enforcing the same high security standards that underpin our entire SaaS ecosystem.

How does it help you?

  • Keeps all panel operations, such as login, configuration, and data management, secure and continuously monitored.

  • Allows you to customize security settings to match your organization’s internal policies (for example, session duration or IP restrictions).

  • Provides transparency and control, enabling your security and compliance teams to meet corporate and regulatory standards easily.

Why should you use it?

The Insider panel serves as a secure, centralized workspace for managing engagement, personalization, and data activities. By using its built-in security controls, you can:

  • Protect user identities and ensure data integrity.

  • Maintain compliance with global frameworks such as SOC 2 Type II and ISO 27001.

  • Operate confidently within Insider’s enterprise-grade security environment.

Default Security Settings in InOne

The Default Security Settings define the baseline protection every Insider partner benefits from automatically. These pre-configured controls deliver strong security right out of the box, reducing setup effort and ensuring a safe operating environment from day one.

They include password complexity, session management, secure data transfer, encryption standards, and authentication methods. Together, these measures ensure that all your accounts, APIs, and data interactions meet Insider’s global security standards.

You can further customize these controls within the InOne panel to match your organization’s internal policies, for example, applying IP restrictions or adding extra authentication layers.

Here are the default security controls available to you:

Panel Security Settings

While Insider provides strong default protection for all business partners, we also believe that every organization should have the flexibility to enhance and customize its own security posture.

The Panel Security Settings section showcases the security features that you can enable, configure, and monitor directly within the InOne panel. These settings empower you to apply your organization’s security policies, such as IP restrictions, authentication controls, and domain-based access rules, without requiring Insider’s intervention.

Here are the features of Panel Security Settings: