InCommon Security and Privacy
At InCommon, we are committed to ensuring the security and protection of our customers' confidential data. We understand that maintaining customer trust and confidence is of the utmost importance and take information security very seriously. Our security efforts encompass all aspects of our operations, including application development, system configurations, hosting services, and personnel security. We have implemented a variety of security features to safeguard our customers' data and ensure its confidentiality, integrity, and availability. We are dedicated to creating a secure and trustworthy environment for our customers and their information.
Organization People and Process
Background checks for all employees: We conduct background checks for all our employees to ensure that the company is not hiring individuals with a history of data breaches or other security-related incidents.
Regular security training: We perform security training which helps to ensure that employees are aware of the latest security threats and know how to protect customer data.
Incident response plan: We have a plan in place to quickly and effectively respond to security breaches.
Regular security audits: We have audits with our code releases to identify and fix any vulnerabilities in the company's systems.
Access controls: Only authorized employees have access to customer data.
Authentication is via email and password. Upon signing up for an account, we require users to enter a complex password. Supabase is our authentication management system. All passwords are encrypted and Supabase is SOC2 compliant and has a strong Data Processing Agreement for privacy.
Customer data can only be accessed with authenticated accounts with the correct role access determined by the organization attached to the user profile and an organization-s own role settings per user as No Access, User, Manager, and Admin.
Data Security and Availability
Customer data is hosted on Supabase, a SOC2 Type 1 compliant organization. Production data is never copied to development and is queried from a distinctly different API URL with different security keys - Production data is not ever mixed with other environment data.
Customer data is transmitted via TLS encryption to InCommon cloud server functions before being sent to an InCommon client website via HTTPS/TLS 1.3 encryption.
InCommon is hosted on Vercel, a SOC2 Type 2 compliant organization. Vercel is also GDPR compliant, has advanced access controls, and a model to help prevent unreliability due to DDoS.
In the event of privacy violations or concerns, please email email@example.com to formally file a complaint. We will work to address the issue as quickly and as securely as possible.