Our commitment to protecting your data
At Infraspeak, security is woven into every part of our platform and operations. We take a proactive approach to identifying risks, protecting information, and ensuring the confidentiality, integrity, and availability of all data we handle.
Measurable Objectives
Aligned with business goals
Proactive Risk Management
Continuous assessment
Secure-by-Design
Built-in security
Continuous Improvement
Regular enhancements
Transparent Collaboration
Open communication
Security Contact: cybersecurity[@]infraspeak.com
Information security management certification
EU data protection compliance
Executive summary
ISO 27001 Certificate
Current certification
ISO Statement of Applicability
Coming soon
CAIQ Lite
Coming soon
Third-party vendors with access to customer data
| Company | Service Purpose |
|---|---|
| AWS, Inc. | Cloud Infrastructure |
| Google Ireland Limited | All Products |
| ContractBook, ApS | Contract Management |
| Hubspot, Inc. | CRM & Marketing |
| DealHub, Ltd. | Sales Process |
| Twilio | Email Communication |
| WorkOS, Inc. | Security, Single Sign-On |
| Freshdesk | Customer Support |
| Planhat | Customer Support |
Common security questions answered
The data is stored and kept inside the EU datacenters (Ireland and Frankfurt).
In the event of prolonged unexpected downtime, we publish status updates on infraspeak.betteruptime.com.
All data is encrypted in transit using TLS 1.2 or higher with 256-bit encryption keys. The SSL certificate is signed with SHA-256 using a 2048-bit RSA key. All data at rest is encrypted with AES-256-GCM.
Through AWS Point-in-time recovery, we can restore database data to any point between the past seven days and the last 5 minutes. Backups are stored in different AWS regions (Ireland and Frankfurt). An automated backup is performed daily and maintained for seven days. A monthly backup is kept in a different EU location for 12 months. All backups are encrypted.
Transparency about PII data collection
Limited Professional contact and identification data
Credit Card Information
Personal Health Information
Technical and organisational measures
Infraspeak restricts privileged access to databases to authorized users with a business need.
System access is restricted to authorized users only.
Infraspeak completes termination checklists to ensure that access is revoked for terminated employees within SLAs.
Infraspeak’s access control policy documents the requirements for the following access control functions:
Infraspeak uses an intrusion detection system to provide continuous monitoring of Infraspeak’s network and early detection of potential security breaches.
An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.
Infraspeak restricts privileged access and implements procedures for its assignment and monitoring, with automatic revocation at the end.
Host-based vulnerability scans are performed at least quarterly on all external-facing systems. Critical and high vulnerabilities are tracked to remediation.
Infraspeak’s databases are replicated to a secondary data center in real-time. Alerts are configured to notify administrators if replication fails.
Infraspeak leverages an AWS multi-location strategy for production environments to permit the resumption of operations in the event of loss of a facility.
The use of resources shall be monitored and adjusted in line with current and expected capacity requirements.
An appropriate set of procedures for information labelling is developed and implemented in accordance with the information classification scheme adopted by the organization.
Infraspeak has electronic media containing confidential information purged or destroyed in accordance with best practices.
Infraspeak maintains a formal inventory of production system assets.
Storage media is managed through its life cycle of acquisition, use, transportation and disposal in accordance with the organization’s classification scheme and handling requirements.
Infraspeak encrypts portable and removable media devices when used.
Infraspeak requires employees to sign a confidentiality agreement during onboarding.
Infraspeak requires passwords for in-scope system components to be configured according to Infraspeak’s policy.
Infraspeak tests its incident response plan at least annually.
Infraspeak implements appropriate procedures to protect intellectual property rights.
Infraspeak establishes, implements, maintains and continually improves an information security management system, including the processes needed and their interactions, in accordance with the requirements of ISO.
Rules for the secure development of software and systems are established and applied.
Secure coding principles are applied to software development.
Security testing processes are defined and implemented in the development life cycle.
Development, testing and production environments are separated and secured.
All data used for testing and development is either anonymized or synthetically generated to ensure that no real customer information is ever exposed.
Information security requirements are identified, specified and approved when developing or acquiring applications.
Access to external websites is managed to reduce exposure to malicious content.
Infraspeak requires employees to complete security awareness training within thirty days of hire and at least annually thereafter.
Infraspeak has a documented risk management program in place that includes guidance on the identification of potential threats, rating the significance of the risks associated with the identified threats, and mitigation strategies for those risks.
Infraspeak has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.
Infraspeak restricts access to migrate changes to production to authorized personnel.
Infraspeak has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.
Infraspeak has security and privacy incident response policies and procedures that are documented and communicated to authorized users.
Infraspeak’s penetration testing is performed at least annually. A remediation plan is developed and changes are implemented to remediate vulnerabilities in accordance with SLAs.
Infraspeak’s board of directors meets at least annually and maintains formal meeting minutes.
Infraspeak management has established defined roles and responsibilities to oversee the design and implementation of information security controls.
Infraspeak’s information security policies and procedures are documented and reviewed at least annually.
Infraspeak has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.
Processes for acquisition, use, management and exit from cloud services are established in accordance with the organization’s information security requirements.
The company’s approach to managing information security and its implementation including people, processes and technologies is reviewed independently at planned intervals, or when significant changes occur.
Infraspeak continually improves the suitability, adequacy and effectiveness of the information security management system.
Infraspeak establishes and maintains contact with relevant authorities.
Infraspeak establishes and maintains contact with special interest groups or other specialist security forums and professional associations.
Infraspeak has formal retention and disposal procedures in place to guide the secure retention and disposal of customer data.
Infraspeak purges or removes customer data containing confidential information from the application environment, in accordance with best practices, within 2 years from contract termination or upon request from the customer and/or the data subject, within contractual or legal determinations.
Infraspeak applies pseudonymization techniques to limit the exposure of PII data when not necessary for business operations.
© 2025 Infraspeak. All rights reserved.