Security isn't just a feature; it's the foundation of everything we do at Inperson. Our commitment to security and privacy is rooted in our desire to be a trusted partner for our customers.
At Inperson, our team develops and enforces comprehensive security policies and controls. These are monitored continuously to ensure compliance and effectiveness. We leverage the robust security features provided by AWS, a platform that meets a broad set of international and industry-specific compliance standards.
All datastores with customer data, in addition to S3 buckets, are encrypted at rest. Encryption keys are managed by AWS.
Inperson uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server TLS keys and certificates are managed by AWS.
Encryption keys are managed via AWS Key Management System (KMS). KMS stores key material in Hardware Security Modules (HSMs), which prevents direct access by any individuals, including employees of Amazon and Inperson. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs.
Application secrets are encrypted and stored securely via AWS environment variables, and access to these values is strictly limited.
We conduct regular penetration testing to identify and address potential vulnerabilities within our systems and infrastructure.
Our development lifecycle includes rigorous vulnerability scanning to ensure the security and integrity of our code and products. Vulnerability scanning tools are employed in our AWS infrastructure to constantly monitor our assets.
All corporate devices are equipped with mobile device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use MDM software to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.
Inperson engages with vendors through a thorough security assessment process to ensure they meet our high security standards. Vendor compliance is documented and assessed regularly. Requirements are based on an analysis of vendor access to company or customer data and integration with production environments.
All employees receive regular training on security best practices and the latest in threat intelligence.
We implement stringent identity and access management protocols to safeguard against unauthorized access. Inperson uses Google Workspace for corporate identity management, and AWS IAM for identity and access management to cloud resources. Inperson employees are granted access to applications based on their role, and are deprovisioned upon termination of their employment. Further access must be approved according to the policies set for each application.
Inperson is committed to upholding the highest standards of data privacy, ensuring that all customer information is handled with care and confidentiality.
If you have identified a potential security concern, please reach out to us at firstname.lastname@example.org so we can investigate and respond appropriately.