We know how valuable data is to our users (of course - we love data!), and we want to make sure that you feel maximally safe and reassured when it comes to using our product and understanding how we use your data. Outlined below are all of the details showing our end-to-end view of making Infer the securest platform possible, using modern best practices for both applicational and operational (people) security in mind.
As part of our commitment to data security, we are currently partnering with Drata to complete our SOC 2 Type II audit.
Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company’s security controls, while streamlining compliance workflows end-to-end to ensure audit readiness.
The SOC 2 Type II audit requires at least 3 months of monitoring processes, which means we expect this to be fully completed in early Q2 2023. After that, these security processes will be continuously monitored and updated using Drata to ensure full compliance in perpetuity.
With Infer, the user has full control over what is or isn’t persisted.
By default, our design uses no or low persistence, depending on what is appropriate for the task at hand.
If the user has connected their data warehouse via dbt, their files are persisted only in that data warehouse, and are never stored by Infer (no persistence).
For queries executed on the Infer platform, the results are persisted for only as long as the user keeps the query in their query list (low persistence).
The deletion of an account results in the irretrievable deletion of all data related to that account, including projects, data files and results.
Read the details here.
For login and sign up, we allow the option for single-sign-on (SSO) with trusted third-party login providers, Google and LinkedIn.
This allows users to take advantage of their numerous security properties, like multi-factor authentication.
For traditional login, see our section on Encryption for security measures taken.
Any data uploaded to the Infer platform is encrypted at rest. The encryption keys are managed and rotated automatically by Amazon Web Services. For sensitive information used, like data source credentials (BigQuery, dbt, etc), we use AES-256-GCM encryption layer before they are stored in our database.
Data transmission from users to Infer and vice versa is encrypted using Transport Layer Security (TLS). This ensures browser requests are never unencrypted and guarantees secure, encrypted communication between your browser and the Infer platform.
Data Source Access and Privileges
Currently Infer only supports single-user accounts, so no data sources, queries, or results can be accessed beyond the single user. Later when we will add multi-user accounts with different levels of privileges and access to data sources and results.
Infer follows the DevOps best practice of using a policy of least privilege. This is done using AWS IAM roles. Using this setup means that only the relevant users who *need* access to your data for their work can access it.
Any changes to the underlying Infer code must undergo a thorough code review process by relevant engineering peers, as well as passing all of our automated testing that checks for potential issues in the code. Once approved, changes will only be applied to a staging environment, and require another level of approval to move these changes to the production environment.
Technical support is available via email (email@example.com) and in-app via Intercom. Organisations can also request a personal Slack channel for more fluid communication.