Security & Data Protection at Infigo
At Infigo, security, reliability, and data protection are core to how we design, build, and operate our platform. We follow industry best practices and continuously invest in safeguarding our customers’ data through secure infrastructure, strong organizational controls, and modern encryption standards.
Hosting & Infrastructure
Cloud Platform
Infigo is hosted exclusively on Amazon Web Services (AWS), a leading cloud provider with internationally recognized security certifications, including:
- ISO/IEC 27001:2013, 27017, 27018, 27701
- SOC 1/2/3
- CSA STAR certification
Regional Hosting
- Platforms for the Americas are hosted in North Virginia (USA)
- Other platforms are hosted in London (United Kingdom)
- Each environment is isolated, monitored, and protected using AWS native security controls and industry-standard best practices
Data Security & Encryption
We use multiple layers of encryption and access control to safeguard customer data:
Data in Transit
All traffic to and from the platform is encrypted using TLS (Transport Layer Security) 1.2 or higher.
Data at Rest
- Databases, file storage, and backups are encrypted using industry-standard AES-256 encryption
- File and media storage is encrypted and protected through secure AWS services
Access Controls
- Access to systems and data is restricted through strict role-based access controls
- Multi-factor authentication (MFA) is required for administrative access
Backups, Continuity & Resilience
To ensure data durability and service continuity:
- Regular encrypted backups are performed in line with our Terms and Conditions
- AWS cloud infrastructure provides built-in redundancy, environmental protections, and multiple layers of physical and network security
- Monitoring and alerting systems are in place to detect and respond to unusual activity or performance issues
Data Ownership & Data Requests
Ownership
- Customers always retain ownership of the data uploaded to their Infigo platform
- Infigo’s intellectual property, codebase, and platform assets remain the property of Infigo
Data Deletion
- Customer data can be permanently deleted upon request
- Once data has been deleted, it cannot be recovered
- Some limited transactional metadata (such as order information and IP addresses) may be retained as required for audit, legal, or operational purposes
Passwords & Account Security
We protect user credentials using:
- Salted and hashed passwords stored using secure cryptographic methods to protect against rainbow table attacks
- Configurable password policy options per customer platform
- Enforcement of modern authentication and session management practices
GDPR & Data Protection Compliance
Infigo is fully committed to data protection and privacy and operates in compliance with:
- GDPR (General Data Protection Regulation)
- UK Data Protection Act
- Customer Data Processing Agreements as applicable
We maintain appropriate technical and organizational measures to support GDPR-compliant processing and international data transfers.
Secure Development & Coding Standards
Our engineering practices follow modern secure-coding principles:
- All SQL (Structured Query Language) queries are parameterized to prevent injection attacks
- User input is sanitized and validated
- User-generated content is sanitized and escaped when displayed
- Source control, peer review, automated testing, and secure CI/CD (Continuous Integration/Continuous Deployment) workflows
- Independent development, QA (Quality Assurance), and pre-production environments
Change Management & Vulnerability Management
Change Control
- Changes are managed through Infrastructure as Code (IaC) and Configuration as Code (CaC) principles
- Changes are developed on independent feature branches
- Testing and approval are applied before merging branches into main branches
- Once a release candidate is signed off, a deployment slot is assigned
Security Monitoring
- Continuous monitoring is in place for system events and security indicators (internal and external)
- Regular vulnerability scans are conducted
- Identified issues are remediated according to our internal SLAs (Service Level Agreements)
- Updates and patches follow controlled release and approval processes
Penetration Testing
- Infigo undergoes regular independent penetration testing and security assessments
- Customers may perform their own penetration testing at their own cost and with prior written approval from Infigo
Use of Data for Support & Troubleshooting
We primarily use synthetic test data for development and investigation purposes. If access to real customer data is ever required to diagnose a production issue outside the production environment, this will only be done with:
- Prior written approval from the customer
- Data minimization and obfuscation applied wherever possible
Any temporary copies used for troubleshooting are securely deleted upon completion, and written confirmation of deletion is provided.