Back to Help Center

Security

Security

What and where does Intrro store the data it collects?

Do you fill out security assessments?

Who is the security contact?

Single Sign-On

User Roles

Passwords

Application Infrastructure

Vulnerability Management

Intrusion Detection and Prevention

Logical Separation

Incident Response

Vulnerability Disclosure

Software Development Life Cycle

Data Encryption

Data Subprocessors

New SCCs & the GDPR

California Consumer Privacy Act

High Availability

Business Continuity

Disaster Recovery

Backups

Security Training

Risk Management

Security Policies

Vendor Management

Confidentiality Agreements

Endpoint Security

SOC 2 Type II

1. Definitions

2. Customer Data subject to EU Data Protection Law

3. Purpose and Scope

4. Security

5. Data Subject Rights

6. Customer Personal Data Breach

7. Sub-Processors

8. Audit

9. Impact Assessment

10. Data Deletion

11. Transfer Mechanisms

12. Customer Data subject to CCPA

13. Customer Data subject to LGPD

14. Customer Responsibilities

15. Liability

16. Term and Termination

17. General

Annex 1A

Annex 1B

Annex 1C

Annex 2

Annex 3

Compliance Documentation

Data Subjects Rights

Consent

Data Breach

SOC 2 Type II

Application Infrastructure

Intrrol utilizes industry-standard cloud infrastructure vendors to provide the Intrro service. Intrro's infrastructure is primarily managed through Amazon Web Services, and is complemented by additional secondary infrastructure vendors to provide specific features within the Intrro web application, like machine learning and natural language processing.

Primary infrastructure

Principally, the Intrro web application leverages Amazon Web Services for infrastructure hosting.

The  web application is hosted in the Amazon Web Services eu-west-2 region located in London, United Kingdom.

Amazon Web Services has been granted formal certification, attestation, and audit reports for ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and more – the full list of compliance resources is available on the Amazon Web Services Security page.

Feature-specific infrastructure

Intrro also makes use of secondary cloud infrastructure providers to process data for specific features of the web application. The use of these features is optional within the web application.

Data is sent to these providers temporarily and stored for a brief period of time in order to perform the functionality of the feature, and is subsequently permanently deleted after the functionality has been performed. No data is permanently stored or hosted within these infrastructure providers.

Machine Learning and Natural language processing

Intrro utilizes Google Cloud Platform for machine learning and natural language processing. Upon use of the Intrro web application’s network analysis feature, the text content to be  analyzed is sent to Google Cloud Platform. All communication with Google Cloud Platform is encrypted in transit using HTTPS and Transport Layer Security 1.2.

Google Cloud Platform stores the text sent to the Cloud Natural Language API for a short period of time in order to perform text analysis and then returns the results to the Intrro web application.

Google warrants that the stored text is typically deleted within a few hours. Google asserts that they do not use the content they process to train and improve their Cloud Natural Language features or machine analysis model.

The Intrro web application utilizes Google Cloud Platform computation located in South Carolina, United States in the us-east1 region.

Google Cloud Platform has been granted formal certification, attestation, and audit reports for ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and more – the full list of compliance resources is available on the Google Cloud Platform Security page.