Indicio uses a combination of encryption, highly trained staff, and technical safeguards to protect our customers’ data.

Indicio’s information security program includes measures such as:
- Encrypted and hashed passwords
- Active DDoS mitigation
- Extensive facility access controls
- Multi-factor authentication
- Comprehensive threat intelligence program
- Automated security scans of our systems
- Active penetration testing
- Rigid internal security awareness program and training for employees
- Indicio Vulnerability Reporting Program

Lastly, Indicio has a dedicated security advisory team with industry experts that scours our service for potential vulnerabilities, and helps our engineers ship secure code. 

Indicio publishes and strictly adheres to a privacy policy aimed at protecting all parties that interact with our service. Our Privacy Policy explicitly details the information we may collect about you, and how we will use that information.

Furthermore, Indicio strictly adheres to a data minimization policy by which logs are automatically deleted after 30 days (see Indicio’s privacy policy for more information).

To ensure the security of customer data throughout its lifecycle, Indicio encrypts information both at rest and when it is in motion.Data is stored with Advanced Encryption Standard (AES) 256-bit encryption when at rest.

Indicio fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.All customer data stored by Indicio is located in data centers secured by a third party, which offers unparalleled physical and information security. These servers are housed separately from Indicio’s corporate offices. Our data warehouse has been certified to meet ISO 27001. As an additional security measure, all of our servers hosting customer data can only be accessed via two-factor secured VPN. Indicio adheres to ISO 27001.

Our robust infrastructure security systems are supplemented by extensive logging and auditing protocols to prevent any instance of improper access by either internal or external parties. These policies and systems ensure that only those employees with a valid business purpose and specific permission have the ability to access sensitive, or customer-provided, data. Not only are all employees subject to mandatory screening, but these actions are also extensively logged and audited to ensure policy compliance.

Yes. Indicio is GDPR compliant.

Beyond customer financial information that is securely kept for billing purposes, and user passwords and location to allow access to the service, Indicio stores the following customer data:
‍
- Audit logs
- Uploaded or synchronized data
- Forecast results
- Third-party credentials for data integration

Indicio encrypts and stores this data securely. Indicio logs certain user actions. Logs are stripped from user-specific data, and all other customer data is deleted, or anonymized as applicable, after a subscription is terminated. Indicio stores encrypted database backups for a period of 3 months.
‍
Moreover, as stated above, Indicio has an entire infrastructure in place to ensure that this data cannot be accessed by any unauthorized party.

As detailed in the Indicio privacy policy, Indicio does not share any data or logged information with any other company, organization, or individuals except as required in the following situations:

- Satisfy a valid law enforcement request, or as required by law
- Enforce applicable Terms of Service, Terms of Use, or other contractual obligations
- In case of emergency, to protect the property, safety, security, and rights of Indicio, its users, or the general public

Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Indicio’s policy to respond as narrowly as possible to best protect our customers’ privacy.

Yes, Indicio provides 2-factor authentication support from the following providers, and are in the process of expanding our service to include additional providers in the future:Google AuthenticatorAuthy

Yes, Indicio adheres to secure coding guidelines (including OWASP Secure Coding Practices) that address common software development vulnerabilities.

If you have discovered a vulnerability in our service, please contact us at security@indicio.com.

Indicio uses this data in one of two ways:

- (i) Indicio uses this data to provide our services to your organization, this includes everything from returning the query results, to providing recommendations of indicators, and sending out Notifications as configured by users in your organization; and (ii) Indicio uses unattributed query data to develop & improve our offerings.

These improvements may include, but are not limited to, providing a signal to our teams regarding what type of data to improve, what research to pursue, insight into trends, data enrichment and potential feature improvements.

Further, while Indicio only retains query logs for 30 days, these logs may be used in the event there's a security or other technical issue (subject to Recorded Future's strict internal access policies), and may be subject to valid legal requests.

Please view Recorded Future's Privacy Policy for more information.