Our Commitment to Security and Trust

At INVSBL, we understand that trust is the foundation of our relationship with you. Your data is our top priority. We know that by using our powerful algorithm and interface, you are trusting us with your valuable information and intellectual property. This page outlines the comprehensive measures we have in place to protect your data, ensure the integrity of our systems, and build a secure and trustworthy platform.

We are committed to maintaining the highest security standards, and to prove it, we are actively preparing for formal audits to achieve SOC 2 Type 1 and ISO 27001 certifications. These internationally recognized standards demonstrate our commitment to managing data security with a rigorous, evidence-based approach.

Our Security Principles

Our approach to security is built on three core principles:

Security by Design:

We integrate security into every stage of our product development lifecycle, from initial design to final deployment. This means we build our systems with security in mind from the ground up, not as an afterthought.

Transparency:

We believe in being open about our security practices. We want you to understand how your data is handled and protected, especially as it interacts with our algorithm and third-party models.

Continuous Improvement:

The threat landscape is constantly evolving. We are dedicated to continuously monitoring, testing, and updating our security posture to protect against emerging threats and to meet the latest industry best practices.

Data Handling and Privacy

Your data is at the heart of our service, and its privacy is non-negotiable.

Data Minimization:

We only collect the information necessary to provide and improve our Services, as outlined in our Privacy Statement.

Third-Party LLM Interaction:

When you use our Services, your input is sent to a third-party LLM (like OpenAI, Google, or Anthropic) for processing, as directed by our algorithm. We have contractual agreements in place that prohibit these providers from using your data to train their public models. We act as a trusted intermediary, ensuring your data is handled securely and only for the purpose of fulfilling your request.

Data Retention:

We retain your data only for as long as necessary to provide our Services and to comply with legal obligations. You can request the deletion of your account and associated data at any time.

Security Measures in Practice

We have implemented a robust set of technical and organizational controls to protect our platform and your data.

1. Infrastructure & Network Security

Cloud-Based Security:

Our Services are hosted on a leading cloud infrastructure provider with a proven track record of security and compliance. This includes physical security controls for data centers, redundancy, and advanced network security features.

Encryption In Transit:

All data transmitted between your device and our Services is encrypted using industry-standard protocols, such as TLS 1.2 or higher. This prevents unauthorized interception of your data.

Encryption At Rest:

All your data, including User Content, is encrypted at rest using strong encryption algorithms (e.g., AES-256). Even if our physical storage were compromised, your data would remain unreadable.

2. Access Control

Principle of Least Privilege:

Our employees and contractors have access to your data only on a need-to-know basis. Access is strictly controlled, logged, and reviewed regularly.

Multi-Factor Authentication (MFA):

We require MFA for all administrative access to our systems, adding an essential layer of security beyond a simple password.

Secure Authentication:

We use modern, secure authentication mechanisms to protect your account login credentials.

3. Application & Code Security

Secure Development Lifecycle:

Our engineering team follows a secure software development lifecycle, including regular code reviews, to prevent common vulnerabilities and security flaws.

Third-Party Security Audits:

We conduct regular penetration testing and vulnerability scans with independent security experts to proactively identify and address potential weaknesses in our application.

4. Organizational Security & Compliance

Security Policies:

We maintain comprehensive internal security policies that govern our operations, data handling, and employee conduct. All employees are trained on these policies and our security responsibilities.

Incident Response Plan:

We have a detailed Incident Response Plan in place to ensure a swift and effective response to any security incidents or data breaches. This plan outlines clear communication protocols and recovery steps.

Compliance & Audits:

We are actively preparing for formal audits to achieve SOC 2 Type 1 and ISO 27001 certifications. This includes implementing the necessary controls and documentation to demonstrate our commitment to security, confidentiality, availability, and integrity. These certifications will provide independent, third-party validation of our security practices.

Your Role in Security

While we take extensive measures to protect your data, security is a shared responsibility. We encourage you to:

  • Use a strong, unique password for your INVSBL account.
  • Enable multi-factor authentication (MFA) if and when it becomes available for user accounts.
  • Be mindful of what you input into any AI service.

Questions?

We welcome your questions about our security practices. For any security-related inquiries, please contact our team directly at contact@invsbl.dev.