Legal
Security Policy
Security is not a feature at Ingrowlogy — it is an architectural principle. Every decision begins with: how do we keep our customers' data safe?
Security Controls
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- Multi-factor authentication for all internal systems
- Role-based access control with quarterly reviews
- 24/7 SIEM monitoring and anomaly detection
- Annual third-party penetration testing
- Automated vulnerability scanning on all code changes
Infrastructure
Our platform is hosted on leading cloud infrastructure with multiple availability zones, automated failover, and 99.9% uptime SLA. Physical security controls are maintained by our infrastructure providers.
Incident Response
We maintain a documented Incident Response Plan tested semi-annually. In the event of a confirmed security incident affecting customer data, we will notify affected customers within 72 hours of discovery.
Reporting Vulnerabilities
Report potential vulnerabilities to security@ingrowlogy.com.
Please do not publicly disclose until we have had 90 days to investigate. We acknowledge within 48 hours.