Information Security"Keeping your data safe, is critical to what we do."
We at investory are serious about security. We respect your privacy and invest significant resources to protect your data.
Keeping your data safe is critical to everything we do. Therefore, we are committed to prevent all unauthorized access while supporting the information sharing needs between investors and companies.
Team & Responsiblity
Our management, development and infrastructure teams include people who have had leading roles in building, maintaining and auditing highly secure web applications.
While having people that know what they are doing is great, when something goes wrong, the management team of investory takes responsibility for making sure that your data is safe.
Access & Authentication
- Access to investory is only allowed over https/ssl
- Every privileged access must be approved and is only granted to named individuals
- Login credentials are always transmitted, stored and processed in a secure manner
Data Storage & Transfer
- All financial data is stored in the EU
- All user data is encrypted with state-of-the art algorithms during transfer and at rest
- All data of our users is stored in a centralized and hardened database with strict controls to ensure privacy and prevent unauthorized access between users. These controls are automatically tested every time our platform is updated
- Investory is run entirely in the cloud (Amazon Web Services), however all systems are always located in the EU
- All our servers are in our own virtual private cloud, which is hardened to prevent unauthorized access
- Data is regularly backed up and stored in an encrypted format
- To roll out changes we use an automated deployment process that can safely and repeatedly change the platform in minutes
- Manual and automated code reviews are done regularly
- In case of errors or security incidents, we have automated monitoring solutions in place, which inform of us of any anomalous behaviour
Audits & Compliance
- We regularly assess our security through automated assessment applications
- PCI compliance is not required, because all payment processing is outsourced