Intrro utilizes industry-standard practices concerning the encryption of data when stored and while in transmission. Intrro also has a documented cryptography policy that outlines the requirements for encrypting data and transmissions.
All data, including backups, is encrypted at-rest using AES-256 encryption.
Data is encrypted while moving between us and the browser with Transport Level Security (TLS) 1.2.
Secure Sockets Layer (SSL) certificates are issued and managed through Amazon Web Services, and HTTP Strict Transport Security (HSTS) is enabled.
Amazon Web Services (AWS) stores and manages data cryptography keys in its redundant and globally distributed Key Management Service (KMS). AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys.
Users can delete projects and project data within Intrro if they have the correct access rights. Deleted project data is kept in a "trash" facility within the application and can be restored for up to 30 days before it is permanently deleted. It can take up to 60 days for all data to be removed from backups.
Users can delete their entire Intrro workspace if they have the correct access rights. This will delete all data that you have provided to Intrro. It can take up to 60 days for all data to be removed from backups.
Following the cancellation of a Intrro subscription, you will have at least 30 days to request a download your customer data from Intrro. After this period, we have no obligation to maintain or provide any customer data to you. We may delete all customer data provided to us after this period.
If you sign up for a trial workspace, we may keep any data you input for 30 days after your trial workspace period has ended so that the data may still be available if you later sign up for a paid workspace subscription. After these 30 days all data during your trial will be permanently deleted. It can take up to 60 days for all data to be removed from backups.
To support delivery of our Services, Intrro may engage and use data processors with access to certain Customer Data or Personal Information (each, a “Subprocessor”). This page provides information about each Subprocessor. Please email email@example.com if you have any questions.
In light of the new Standard Contractual Clauses adopted and approved by the European Commission, Intrro has revised our Data Processing Agreement to incorporate the SCCs.
In addition to our new Data Processing Agreement, we are also updating our internal privacy compliance program to meet the requirements of the new SCCs, by the 28 December 2022 deadline.
As we approach this regulatory deadline, we will communicate with our existing customers and provide information on how they can execute new agreements with the new SCCs. Existing customers contact us to enter into a new agreement that utilizes the new EU SCCs.
If you have any questions regarding data privacy and protection, the new SCCs, or our commitment to the GDPR, you can contact us.
The California Consumer Privacy Act (CCPA) gives consumers more control over the personal information that businesses collect about them.
Intrro does not currently meet the criteria described that would have the CCPA apply to our business operations. Namely because we do not:
However, we understand that some Intrro customers may want to ensure that their use of our services, and any California resident's personal information that we process on behalf on our customers, is compliant with their own obligations under the CCPA.
This page helps to clarify how we process any personal information on behalf of our customers as it relates to the CCPA.
You do not sell personal information to us. We will not:
Consumer rights requests
We will provide reasonable assistance to you in facilitating compliance with consumer rights requests.
On termination, you have the option to request the return or deletion of personal information. This request must be made within 30 days of termination. We will make the data available for download by you in a machine readable format. Thereafter we will permanently delete the personal information from the live systems in any event.
Following permanent deletion from the live systems, partial data resides on the our archival and backup systems for a period of up to 14 days.
For more information, please read our data retention documentation.
We will ensure that all employees, agents, officers and contractors involved in the handling of personal information are aware of the confidential nature of the personal information and are contractually bound to keep the personal information confidential.
For more information, please read about our employee confidentiality agreements.
Can my organization request to modify the DPA?
We are unable to accept modifications to our DPA.
Have you adopted the new Standard Contractual Clauses?
Yes. In light of the new Standard Contractual Clauses adopted and approved by the European Commission, we have updated out DPA to incorporate the SCCs. You can learn more at New SCCs & the GDPR.