Security, Privacy & Reliability with IntegrateHQ
IntegrateHQ is trusted to securely process and synchronize the data of companies worldwide.
IntegrateHQ has been certified by independent third-party auditors as compliant with ISO/IEC 27001:2013.
Learn more about our certification and download our certificate here.
IntegrateHQ engages an independent third party to perform regular web application vulnerability testing and penetration testing of the platform. Click on the trust mark (left) to verify our status or download our "secure application" attestation here.
Data Privacy & GDPR
Platform Security & Reliability
We use reputable certified data centers to host the services we provide.
Amazon Web Services (AWS) in the USA: Our primary hosting provider is Amazon Web Services (AWS). We make full use of the best practice security and availability capabilities offered by AWS including Virtual Private Cloud (VPC) technology for network isolation and multi-availability zones for reliability. Read about AWS cloud security (https://aws.amazon.com/security) and SOC compliance (https://aws.amazon.com/compliance/soc-faqs/).
Hetzner in Germany: To further ensure the resilience and global accessibility of our services, we also utilize hosting services provided by Hetzner in Germany. This addition enhances our data processing capabilities within the European Union, aligning with our commitment to data privacy and GDPR compliance. Hetzner's servers are renowned for their high security, reliability, and adherence to European data protection standards. Read more about their ISO/IEC 27001 certification here: https://www.hetzner.com/unternehmen/zertifizierung/
We take the security of our internal and external networks very seriously. Communication between our servers and your business applications / web browser is encrypted.
Within our VPC network we employ public and private subnets. All application servers reside in private subnets and so have no public IP addresses; external communication is routed via NAT Gateways. Network security is multi-tiered, including strict Network Access Control List rules, role-based Network Security Groups, host IP Table restrictions and user-based authorization. All user interaction with IntegrateHQ services is encrypted over HTTPS/TLS. Access to the production VPC is restricted: only select team members responsible for maintaining operational stability of the application are able to connect to resources within the VPC.
Stored customer data is encrypted.
IntegrateHQ stores account information, user information and integration/connection configuration. If an integration is configured to do so, IntegrateHQ may also store integration related data. In all cases customer data is encrypted when stored ("encryption at rest").
- We do not store account payment (credit card) details; our third-party payment processor holds that information
- We store system backups for 5 weeks
- We store details of deleted accounts/users for up to 2 months
- We store application logs for up to 12 months (these do not contain customer data or personally identifiable information)
Integration processes execute in isolated, account-unique, temporary run-time environments.
IntegrateHQ follows the serverless paradigm. Before each integration process executes, a new, strongly isolated integration execution run-time is provisioned [1]. The integration runs to completion in this environment, after which the environment, along with temporary artifacts created during the run, is destroyed.
[1] When launching an integration in an "event triggered" fashion, if multiple events occur in rapid succession, the same run-time environment may be re-used to process each event sequentially. This re-use only happens for the same account running the same integration, so there is zero risk of "cross account" data leaks.
Users must be explicitly authorized to access an IntegrateHQ account.
Each IntegrateHQ user requires their own sign-in credentials, and only your IntegrateHQ account administrators can grant access to an IntegrateHQ account. The IntegrateHQ sign-in process supports, encourages and optionally enforces the use of multi-factor authentication during sign-in.
Our customer support team may only access your account if you explicitly authorize access from your "Profile and Preferences" page.
We have GDPR-compliant data protection agreements in place with our sub-processors.
You can view our current list of sub-processors here.
GDPR Standard Contractual Clauses (SCCs)