Privacy & Security

Our Approach to Security and Compliance

At Getint.io, we take security and compliance seriously, ensuring that user data is protected and that we meet industry standards. Our certifications reflect this commitment:

• ISO/IEC 27001:2013: Valid from July 26, 2023, to October 31, 2025, demonstrating strong security management practices.

• ISO/IEC 27018:2019: Active from July 26, 2023, to July 25, 2026, focused on safeguarding personal data in cloud environments.

• SOC 2 Type II: Examined between January 13, 2025, and April 12, 2025, confirmed by Prescient Assurance LLC.

Managing Log Retention

We provide flexible options for storing logs:

• Logs are kept for 14 days by default.

• Users can adjust storage from 1 to 14 days in SaaS environments.

• On-premise and data center deployments allow extended retention upon request.

• Logs can be fully disabled, while ticket metadata remains stored.

Protecting Data with Encryption

Security is a priority, so we apply encryption to stored and transmitted data:

• AES-256 encryption secures data at rest.

• SSL/TLS encryption ensures safe data transfers.

• Users can enable or disable encryption for logs and sensitive configuration data.

Data and Metadata Retention

We have clear policies for backups and metadata storage:

• Ticket metadata is always retained (specific details pending CTO confirmation).

• Retention rules for backups and configurations after offboarding require CTO approval.

Security in Development and Infrastructure

We follow structured security practices to protect our systems:

• Security scans run quarterly to detect vulnerabilities.

• Infrastructure monitoring tools help identify and resolve issues quickly.

Security Measures and Ongoing Vigilance

We use JSON Web Tokens (JWT) for user authentication, along with Role-Based Access Control (RBAC), ensuring that each user accesses only what their role permits. This approach helps maintain clarity and security in how access is managed across the platform.

Security is not a one-time setup. It’s something we monitor constantly. That’s why we’ve put a few additional measures in place.

• Bug Bounty Program: We invite independent researchers to test our system. If a potential issue is found, we address it quickly. This proactive stance helps us strengthen security in the real world, not just on paper.

• Cloud Fortified Status: This designation recognizes our commitment to stability, security, and best practices in cloud operations. It reflects the steps we take every day to protect the platform and the people who rely on it.

These efforts, combined with certifications and established security protocols, are all part of how we keep trust at the core of everything we build.

Controlling Access and Permissions

We limit access based on roles and responsibilities:

• Role-Based Access Control (RBAC) ensures permissions align with user needs.

• Quarterly access reviews keep security policies up to date.

• Privileged access is monitored and audited.

Incident Response Plan

We have a clear process for handling security issues:

• The Incident Response Plan is tested annually.

• Any security or privacy concerns are addressed and communicated promptly.

• No incidents were reported during the SOC 2 review period.

Third-Party Security (AWS)

AWS provides additional security measures for our data centers:

• Physical access is strictly controlled with CCTV monitoring.

• Security protocols are reviewed regularly to maintain high standards.

Ongoing Security Improvements

We conduct annual assessments to evaluate and strengthen security controls. Any issues are quickly addressed, with management actively involved.

Security and compliance are central to our operations, and we remain committed to protecting user data while maintaining transparency in our practices.

Contact Us

If you have questions or need further information about our security and compliance policies, feel free to contact us at our Support Center.

We’re here to assist you and ensure that you have the information you need.