Security & Trust

Our Commitment to Protecting Your Data

We take the security and privacy of your data seriously. Our platform is built with industry-standard safeguards, continuous monitoring, and a strong internal security culture. We are actively pursuing SOC 2 Type II compliance and follow best-practice controls across infrastructure, operations, and organizational processes.

Compliance & Certifications

SOC 2 (In Progress)

We are currently undergoing our SOC 2 Type II audit with an independent accredited auditor. This certification confirms that our security, availability, and confidentiality practices meet rigorous industry standards.

Status: In Progress
Expected Completion: Q1 2026
Request SOC 2 Report: Available upon audit completion

GDPR

We comply with GDPR requirements for data protection and processing of personal data for EU users.

Data Protection Agreements

A standard Data Processing Agreement (DPA) is available for all customers.

Security Practices

Encryption
  • Data at rest is encrypted using AES-256.
  • Data in transit is encrypted using TLS 1.2+.
Access Control
  • Strict role-based permissions with least-privilege principles
  • MFA required for all internal systems
  • SSO support for customers (SAML / OAuth)
Network & Infrastructure Security
  • Hosted on secure cloud infrastructure with industry-leading physical and network safeguards
  • Isolated environments for development, staging, and production
  • Firewalling, network segmentation, and continuous traffic monitoring
Secure Application Development
  • SDLC includes threat modeling and code review
  • Automated static and dynamic code analysis
  • Dependencies monitored for vulnerabilities
Vulnerability Management
  • Regular internal scanning and dependency patching
  • Third-party penetration tests conducted annually
  • Critical issues fixed within defined SLAs
Incident Response
  • Dedicated internal incident response team
  • 24/7 monitoring and alerting
  • Documented incident response plan with customer notification procedures
Business Continuity & Disaster Recovery
  • Daily automated backups
  • Redundant infrastructure across availability zones
  • DR testing conducted at least annually

Architecture Overview

A simplified, public-safe view — replace or customize as needed.

How Your Data Flows
  • User connects via secure HTTPS
  • API gateway enforces authentication and authorization
  • Application services process requests in isolated containers
  • Data is stored in encrypted databases

Data Management

Data Location

Your data is hosted in secure, compliant data centers within GCP in us-central1 in multiple AZ to provide High Availability.

Data Retention & Deletion
  • Customer data is retained for the duration of the service
  • Permanent deletion is performed within 30 days of account closure
  • Backups follow a rolling X-day retention schedule
Data Ownership

Customers retain full ownership of all data stored on or processed through our platform.

Frequently Asked Questions

Are you SOC 2 certified?

We are currently undergoing the SOC 2 Type II audit. A full report will be available upon completion.

Where is my data stored?

Your data is stored in secure data centers located in us-central1 in separated AZ to provide High Availability.

Do you perform penetration testing?

Yes — third-party penetration tests are conducted annually, and major findings are shared with customers as needed.

Can I get your security documentation?

Yes. SOC reports and internal policies can be provided under NDA.

Do you support SSO?

Yes, we support SSO via SAML and OAuth 2.0.

Contact Us

For any questions about security, compliance, or privacy:
Email: security@inaza.com

Last Updated: Nov 2025

Other Pages
AboutInaza CentralBlogCase StudiesCareersProduct UpdatesContactWho We ServeMGAs/CarriersBrokers/AgentsAmbassador ProgramPrivacy PolicyCookie PolicySecurity & Trust