Security & Compliance
Last updated: February 1, 2026
Our Security Commitment
At Inteliworks, security is not an afterthought; it's foundational to everything we build. We understand that you're trusting us with your business data and workflows, and we take that responsibility seriously.
This page outlines our security practices, compliance certifications, and the measures we take to protect your data.
1. Infrastructure Security
Cloud Infrastructure
- Hosting: Deployed on enterprise-grade cloud providers (Ionos VPS, AWS)
- Data Centers: Secure cloud facilities with physical security controls
- Redundancy: Multi-availability zone deployment for high availability
- Geographic Distribution: Edge network for global performance
Network Security
- DDoS protection and mitigation
- Web Application Firewall (WAF)
- Network segmentation and isolation
- Intrusion detection and prevention systems
- Rate limiting and abuse prevention
2. Data Encryption
Encryption in Transit
- TLS 1.3 encryption for all connections
- HTTPS enforced across all endpoints
- Perfect Forward Secrecy (PFS) enabled
- HSTS headers with preloading
Encryption at Rest
- AES-256 encryption for all stored data
- Encrypted database backups
- Encrypted file storage
- Key management with regular rotation
3. Application Security
Secure Development
- Security-first development lifecycle (SDLC)
- Mandatory code reviews for all changes
- Static application security testing (SAST)
- Dynamic application security testing (DAST)
- Dependency vulnerability scanning
- Regular penetration testing by third parties
Authentication & Access
- Secure password hashing (bcrypt/Argon2)
- Multi-factor authentication (MFA) support
- OAuth 2.0 and SAML SSO integration
- Role-based access control (RBAC)
- Session management with secure tokens
- Automatic session timeout
4. AI & Data Processing Security
AI Model Security
- Secure API connections to AI providers (OpenAI, Anthropic, Google)
- No training on your data by default
- Input/output filtering for sensitive data
- Prompt injection protection measures
- Rate limiting to prevent abuse
Data Handling
- Data minimization principles
- Configurable data retention policies
- PII detection and masking capabilities
- Secure data disposal procedures
5. Compliance & Certifications
| Framework | Status | Description |
|---|---|---|
| Enterprise Security | In Progress | Security, availability, and confidentiality controls |
| GDPR | Compliant | EU data protection regulation |
| CCPA | Compliant | California Consumer Privacy Act |
| ISO 27001 | Planned | Information security management |
| HIPAA | Enterprise | Healthcare data (BAA available) |
6. Access Controls
Employee Access
- Least privilege access principles
- Background checks for all employees
- Mandatory security training
- MFA required for all systems
- Access reviews and audits
- Immediate access revocation on termination
Customer Access Controls
- Granular permission settings
- Team and role management
- API key management with scoping
- Audit logs for all actions
- IP allowlisting (Enterprise)
7. Incident Response
We maintain a comprehensive incident response plan:
- 24/7 security monitoring and alerting
- Documented incident response procedures
- Incident classification and escalation paths
- Communication protocols for affected parties
- Post-incident review and remediation
- Breach notification within 72 hours (GDPR)
8. Business Continuity
- Daily automated backups
- Point-in-time recovery capability
- Geo-redundant backup storage
- Documented disaster recovery plan
- Annual DR testing
- RTO: 4 hours / RPO: 1 hour (see SLA)
9. Vendor Security
We carefully evaluate all third-party vendors:
- Security assessments before onboarding
- Data Processing Agreements with all processors
- Regular vendor security reviews
- Vendors must meet our security standards
Our current sub-processors are listed in our Data Processing Agreement.
10. Security Features for Customers
All Plans
- TLS encryption
- Secure authentication
- Two-factor authentication
- Activity audit logs
- API key management
Professional+
- SSO / SAML integration
- Advanced audit logging
- Custom data retention
- Dedicated support
Enterprise
- IP allowlisting
- Custom security controls
- HIPAA BAA available
- Dedicated infrastructure
- Security questionnaire support
Coming Soon
- SCIM provisioning
- Custom encryption keys (BYOK)
- Private cloud deployment
- Enhanced DLP controls
11. Responsible Disclosure
We appreciate the security research community's efforts to keep our users safe. If you discover a security vulnerability:
- Email: security@inteliworks.io
- Include detailed reproduction steps
- Allow reasonable time for us to respond and fix
- Do not access, modify, or delete user data
- Do not publicly disclose before we've addressed the issue
We commit to responding within 48 hours and will not take legal action against good-faith researchers.
12. Security Resources
- Security Whitepaper: Available upon request
- Security Documentation: Available upon request
- Penetration Test Results: Summary available upon request
- Security Questionnaires: We support SIG, CAIQ, and custom formats
13. Contact Security Team
- Security Issues: security@inteliworks.io
- Compliance Inquiries: compliance@inteliworks.io
- DPA Requests: legal@inteliworks.io
Need More Information?
Contact our security team for detailed documentation, compliance reports, or to schedule a security review.