Information Security

"Keeping your data safe, is critical to what we do."

Introduction

We at investory are serious about security. We respect your privacy and invest significant resources to protect your data.

Keeping your data safe is critical to everything we do. Therefore, we are committed to prevent all unauthorized access while supporting the information sharing needs between investors and companies.

Team & Responsiblity

Our management, development and infrastructure teams include people who have had leading roles in building, maintaining and auditing highly secure web applications.

While having people that know what they are doing is great, when something goes wrong, the management team of investory takes responsibility for making sure that your data is safe.

Access & Authentication

  • Access to investory is only allowed over https/ssl
  • The investory team does not have access to user’s financial data
  • Every privileged access must be approved and is only granted to named individuals
  • Login credentials are always transmitted, stored and processed in a secure manner

Data Storage & Transfer

  • All financial data is stored in the EU
  • All user data is encrypted with state-of-the art algorithms during transfer and at rest
  • All data of our users is stored in a centralized and hardened database with strict controls to ensure privacy and prevent unauthorized access between users. These controls are automatically tested every time our platform is updated

Infrastructure

  • Investory is run entirely in the cloud (Amazon Web Services), however all systems are always located in the EU
  • All our servers are in our own virtual private cloud, which is hardened to prevent unauthorized access
  • Data is regularly backed up and stored in an encrypted format

Secure Development

  • To roll out changes we use an automated deployment process that can safely and repeatedly change the platform in minutes
  • Manual and automated code reviews are done regularly
  • In case of errors or security incidents, we have automated monitoring solutions in place, which inform of us of any anomalous behaviour

Audits & Compliance

  • We regularly assess our security through automated assessment applications
  • We comply with all applicable privacy laws (see also our privacy policy) and only work with partners that are subject to the same standards
  • PCI compliance is not required, because all payment processing is outsourced