Information Security

Introduction

We at investory are serious about security. We respect your privacy and invest significant resources to protect your data.

Keeping your data safe is critical to everything we do. Therefore, we are committed to preventing all unauthorized access while supporting the information sharing needs between investors and companies.

Team & Responsibility

Our management, development and infrastructure teams include people who have had leading roles in building, maintaining and auditing highly secure web applications.

While having people who know what they are doing is great, when something goes wrong, the management team of investory takes responsibility for making sure that your data is safe.

Investory may generate aggregate data on the basis of user-provided information, which will not include any personally identifiable information or data (anonymized). Examples of aggregate data include, but are not limited to, statistics aggregated across all our users to improve our service, such as engagement, geographic locations and behaviour. Investory is free to use and disclose aggregate data for purposes including, but not limited to, marketing, providing information on general industry trends or providing benchmarking analysis.

Access & Authentication

  • Access to investory is only allowed over HTTPS/SSL
  • Every privileged access must be approved and is only granted to named individuals
  • Login credentials are always transmitted, stored and processed in a secure manner

Data Storage & Transfer

  • All financial data is stored in the EU
  • All user data is encrypted with state-of-the-art algorithms during transfer and at rest
  • All data of our users is stored in a centralized and hardened database with strict controls to ensure privacy and prevent unauthorized access between users. These controls are automatically tested every time our platform is updated

Infrastructure

  • Investory is run entirely in the cloud (Amazon Web Services); however, all systems are always located in the EU
  • All our servers are in our own virtual private cloud, which is hardened to prevent unauthorized access
  • Data is regularly backed up and stored in an encrypted format

Secure Development

  • To roll out changes we use an automated deployment process that can safely and repeatedly change the platform in minutes
  • Manual and automated code reviews are done regularly
  • In case of errors or security incidents, we have automated monitoring solutions in place, which inform us of any anomalous behaviour

Audits & Compliance

  • We regularly assess our security through automated assessment applications
  • We comply with all applicable privacy laws (see also our privacy policy) and only work with partners that are subject to the same standards
  • PCI compliance is not required, because all payment processing is outsourced