Security at Inverity
We take security seriously. Your data is protected by industry-leading encryption, access controls, and compliance standards.
Security Features
Encryption
TLS 1.3 in transit, AES-256 at rest. All data transmitted to and from Inverity is encrypted using TLS 1.3. Assets stored in S3 are encrypted at rest using AES-256.
Authentication
OAuth 2.0 and API key authentication. CMS integration uses OAuth 2.0. API access uses bearer token authentication with per-tenant scoping and role-based permissions.
Access Control
Five role levels (viewer, editor, manager, admin, super_admin) with hierarchical permissions. All access is logged in an append-only audit trail.
Data Isolation
Multi-tenant architecture with strict separation. All database queries, S3 buckets, and job processing are scoped to tenant ID. No cross-tenant data leakage is possible.
Infrastructure
Inverity runs on AWS infrastructure with SOC 2 Type II compliant providers. Assets are stored in S3 with versioning and lifecycle policies enabled.
Compliance
Inverity processes data in accordance with GDPR and CCPA. Enterprise customers receive a DPA and BAA upon request.
Security Practices
Vulnerability Management
Regular security audits and penetration testing. Automated dependency scanning for CVEs. Bug bounty program for responsible disclosure. Security patch deployment within 48 hours of disclosure.
Data Protection
Assets stored in private S3 buckets with signed URL access. Automatic expiration of temporary credentials. Version history maintained for rollback capability. Data deletion within 30 days of account termination.
Operational Security
Least-privilege access for internal systems. Multi-factor authentication required for admin access. Encrypted secrets management via AWS Secrets Manager. Incident response plan with defined escalation paths.
Monitoring & Alerting
Real-time anomaly detection on API traffic. Automated alerts for failed authentication attempts. Audit log retention for 1 year (7 years for Enterprise). Regular review of access logs and permission grants.
Compliance & Certifications
SOC 2 Type II
In progress — expected completion Q3 2026.
GDPR Compliant
Full GDPR compliance with DPA available on request.
CCPA Ready
California Consumer Privacy Act compliance.
CMS Integration Security
Inverity connects to your CMS account via OAuth 2.0, the industry-standard authorization protocol. We only request the minimum permissions required to access your file manager.
OAuth 2.0 Authorization
Secure, time-limited tokens with automatic refresh.
Minimal Permissions
File manager access only — no contact, form, or email access.
Revocable Access
Disconnect from your Inverity dashboard at any time.
Audit Logged
All sync operations are tracked in the audit log.
Responsible Disclosure
If you discover a security vulnerability in Inverity, we ask that you report it responsibly.
How to Report
Email security@inverity.ai with details of the vulnerability. Please include a description, steps to reproduce, potential impact, and any proof-of-concept code (optional).
Our Commitment
We will acknowledge receipt within 24 hours and provide a timeline for resolution. We do not take legal action against security researchers who follow responsible disclosure practices.
Bug Bounty
We offer rewards for qualifying vulnerabilities. Contact us for details on our bug bounty program.
Questions about security?
Enterprise customers can request our full security documentation, SOC 2 report, and DPA.