DSP factsheet

Introduction

At Insly, we prioritize privacy and security. We follow the latest standards and compliance measures across infrastructure, processes, and product design.

Data privacy

Insly safeguards user privacy by strictly following applicable privacy laws. Insly is the data ‘controller’ of any information provided. This information remains secure and confidential.

Data minimization and anonymization

Only essential data is extracted to provide the requested services. Any unnecessary Personally Identifiable Information (PII) is anonymized or discarded. Insly limits data collection to the minimum required for service delivery.

Data security practices

To meet the highest standards in data security, Insly upholds the following principles:

• Strict data silos between tenants.

• SOC 2 Type II certified identification and authentication layer.

• Role-Based Access Control (RBAC) to enforce least privilege access across all roles.

• Fully GDPR-compliant data processing and sub-processor practices.

• Agreements with AI providers to meet enterprise-grade privacy standards.

Database-level data security

• Robust organization-based tenancy model keeps each client’s data isolated and secure.

• Advanced database security with connection-level access control maintains strict data silos across testing and production accounts.

• AES-256 encryption over TLS 1.3 for all network traffic ensures data confidentiality and protection.

Access control

• Dynamic Role-Based Access Control (RBAC) adjusts to meet organizational requirements, offering multi-level permissions.

• Quarterly access audits and ad-hoc access reviews ensure adherence to the least privilege principle.

• SOC 2 Type II certified authentication for secure access.

Purpose limitation and restricted retention

Data collected is used solely for contracted purposes.

Transparency in data use

Insly may use aggregated and anonymized data from extracted content to improve AI models or enhance service functionality. No individual data points are identifiable. Complete confidentiality is maintained.

Data processing and file handling agreements with LLM-related service providers

• Strict data handling agreements with LLM-related service providers mandate data deletion post-processing.

• Regular assessments of tools, including offerings by Anthropic, OpenAI, MS Azure, for compliance with privacy regulations.

• Customizable document retention period, with AES-256 encryption securing all files at rest.

Monitoring and incident response

• Real-time monitoring with expedited response mechanisms for critical incidents.

• Regular training equips employees to handle sensitive data and recognize security risks.

• The response includes detection, containment, eradication, and recovery steps to mitigate any security incident.

• Incident response transparency: Clients are notified promptly of any data breach, including mitigation steps and timelines.

Sub-processor transparency and accountability

For transparency, Insly provides a list of all third-party sub-processors used in data processing upon request. Each processor follows strict security protocols to ensure data protection compliance.

User rights and data requests

Users have the right to access, correct, or delete their data. Requests can be submitted through Insly’s contact channels. Responses are provided within 30 days, subject to verification requirements.

Compliance certifications and continuous monitoring

Insly performs regular audits and penetration tests as part of ongoing security monitoring to maintain high security standards. Automated tools and processes for compliance verification are in place.

Client-specific data protection options

Insly offers enhanced data protection measures upon request, including additional encryption and custom data deletion options for clients with specific regulatory needs.

Contact us

For detailed information or to report a security concern, contact:

• [email protected]