Security Policy

1.1 Security Commitment

Use of ISO/IEC 27001-compliant technologies and practices.

1.2 ISMS & Risk Management

Annual risk assessments, treatment plans, and ISMS policies.

1.3 Asset Management

Inventory and classification of information assets.

1.4 Access Control

Role-based, least-privilege access; MFA via Clerk.com; WebAuthn support.

1.5 Encryption

TLS 1.2+ in transit; AES-256 at rest.

1.6 Application Security

Secure SDLC, code reviews, static/dynamic analysis, dependency scanning.

1.7 Infrastructure Security

AWS/GCP hosting with firewalls, IDS/IPS, and DDoS protection.

1.8 Incident Response

Plan covering detection, containment, eradication, recovery, and notification within 72 hours.

1.9 Processing Scope

Only analyses publicly available website content; no personal data stored.

1.10 ISO 27001 Readiness

Periodic internal audits, management reviews, and continual improvement.

1.11 Periodic Audits

Quarterly internal and biennial third-party penetration tests.

1.12 General Provisions

This Security Policy is subject to the General Provisions outlined here.

© 2025 IncluD