Customer feedback is sensitive. We treat it that way.
Encryption, access controls, regional data residency, and an audit log that survives an audit. Below is what's shipped today and what's on the near-term roadmap.
Encryption everywhere.
TLS 1.3 in transit. AES-256 at rest. Per-tenant data isolation. Customer-managed keys (BYOK) on enterprise.
Identity + access.
SSO via Okta, Azure AD, Google, OneLogin. SAML 2.0 + SCIM 2.0 provisioning. Role-based access. Audit log on every admin action.
Data residency.
Pick US, EU (Frankfurt), or APAC (Singapore). Your customer data stays in the region you choose, including backups.
Production reliability.
Multi-AZ deploys. Daily backups, point-in-time restore. 99.9% SLA on paid plans. Status page with incident history.
Audit + observability.
Tamper-evident audit log. SIEM export (Splunk, Datadog). Webhook events for security-relevant changes.
Privacy by design.
GDPR + CCPA compliant. DSR self-service. Data minimization on collection. Per-customer retention policies.
Where we stand, honestly.
We're pre-launch, so we won't claim certifications we don't hold. Here's exactly where we are today and where we're going.
- SOC 2 Type II: In progress · Q3 2026
- ISO 27001: Roadmap · 2026
- HIPAA: BAA available on enterprise
- GDPR · CCPA: Compliant today
- PCI DSS: Out of scope (we don't store PAN)
Found a vulnerability? We owe you a thank-you.
Email security@informly.co — PGP key available on request. We acknowledge within 24h, triage within 72h, and publicly credit researchers (with permission) once a fix ships.