Introduction
We at investory are serious about security. We respect your privacy and invest significant resources to protect your data.
Keeping your data safe is critical to everything we do. Therefore, we are committed to preventing all unauthorized access while supporting the information sharing needs between investors and companies.
Team & Responsibility
Our management, development and infrastructure teams include people who have had leading roles in building, maintaining and auditing highly secure web applications.
While having people that know what they are doing is great, when something goes wrong, the management team of investory takes responsibility for making sure that your data is safe.
Access & Authentication
Access to investory is only allowed over HTTPS/SSL
Every privileged access must be approved and is only granted to named individuals
Login credentials are always transmitted, stored and processed in a secure manner
Data Storage & Transfer
All financial data is stored in the EU
All user data is encrypted with state-of-the-art algorithms during transfer and at rest
All data of our users is stored in a centralized and hardened database with strict controls to ensure privacy and prevent unauthorized access between users. These controls are automatically tested every time our platform is updated
Infrastructure
Investory is run entirely in the cloud (Amazon Web Services); however, all systems are always located in the EU
All our servers are in our own virtual private cloud, which is hardened to prevent unauthorized access
Data is regularly backed up and stored in an encrypted format
Secure Development
To roll out changes we use an automated deployment process that can safely and repeatedly change the platform in minutes
Manual and automated code reviews are done regularly
In case of errors or security incidents, we have automated monitoring solutions in place, which inform us of any anomalous behaviour
Audits & Compliance
We regularly assess our security through automated assessment applications
We comply with all applicable privacy laws (see also our privacy policy) and only work with partners that are subject to the same standards
PCI compliance is not required, because all payment processing is outsourced