Schedule a Demo

Security & Trust

Last Reviewed: March 2026

At Incenva, security is fundamental to how we build and operate our platform. We are committed to protecting the confidentiality, integrity, and availability of our systems and the data entrusted to us.

Infrastructure & hosting

The Incenva platform is hosted on Digital Ocean. Our infrastructure leverages the physical and environmental security controls of our cloud provider, which maintains industry-leading certifications including SOC 1, SOC 2, ISO 27001, and PCI DSS.

Data encryption

  • In transit: All data transmitted between your browser and Incenva is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints.
  • At rest: Sensitive data stored by Incenva is encrypted using AES-256 encryption.

Access controls

  • Access to production systems is restricted to authorized Incenva personnel on a need-to-know basis.
  • Multi-factor authentication (MFA) is required for all employee access to production systems and administrative tools.
  • Access rights are reviewed regularly and revoked promptly upon employee offboarding.
  • We apply the principle of least privilege across all internal systems.

Application security

  • Our development process incorporates security reviews, including code review and dependency scanning.
  • We conduct annual penetration testing by internal team.
  • Identified vulnerabilities are tracked and remediated according to a risk-based prioritization process.

Aggregated & de-identified data

The Incenva platform processes and stores only aggregated, de-identified analytics data. No personally identifiable information from end users is collected or stored within the platform. This design-by-default approach significantly reduces data exposure risk.

Incident response

Incenva maintains an incident response plan that is tested and reviewed regularly. In the event of a confirmed security incident affecting your data, we will notify affected parties as required by applicable law and our contractual commitments.

Business continuity

  • We maintain automated backups of critical data with daily frequency and 30-day retention.
  • Our recovery time objective (RTO) and recovery point objective (RPO) are reviewed as part of our business continuity planning.

Compliance & certifications

Framework / StandardStatus
SOC 2 Type II[In progress / Achieved — update when applicable]
CCPA (California)Compliant — see Privacy Policy
GDPR (EEA/UK)Applicable safeguards in place — see Privacy Policy
ISO 27001[In progress / Achieved / Not applicable — update when applicable]

Responsible disclosure

We welcome responsible disclosure of potential security vulnerabilities. If you have discovered a security issue affecting Incenva, please report it to security@incenva.com. We are committed to working with researchers in good faith and will acknowledge reports promptly.

Please do not publicly disclose any potential vulnerability before we have had a reasonable opportunity to investigate and address it.

Questions

For security-related inquiries, enterprise security questionnaires, or to request our security documentation: security@incenva.com