Data Security

Administrative, technical, and organizational measures Incoss Technologies uses to protect client and user information.

Last updated: June 14, 2026

1. Our commitment

Incoss Technologies takes the security of information seriously. We implement safeguards designed to protect confidentiality, integrity, and availability of data processed through our systems and client engagements. Security requirements for specific projects may be defined in statements of work or data processing agreements.

2. Governance and access control

Security practices include:

  • Limiting access to systems and data to personnel and contractors with a legitimate business need.
  • Using role-based access controls and strong authentication for administrative systems where feasible.
  • Requiring confidentiality obligations for team members handling sensitive information.
  • Reviewing access periodically and revoking access when no longer required.

3. Technical safeguards

Depending on the system and engagement, we may employ measures such as:

  • Encryption in transit using TLS/HTTPS for website and API communications.
  • Encryption at rest for cloud infrastructure where supported by the hosting provider.
  • Secure development practices including code review, dependency monitoring, and environment separation.
  • Backups and recovery procedures for business-critical systems we operate.
  • Logging and monitoring to detect unusual activity.
  • Firewalling, network segmentation, and hardened server configurations where applicable.

4. Application and infrastructure security

We follow industry-recognized practices for building and deploying web and mobile applications, including input validation, protection against common web vulnerabilities, secrets management, and least-privilege cloud permissions. Specific security controls for your product will be documented in project plans or architecture documents as appropriate.

5. Vendor and subprocessors

We use reputable cloud, email, authentication, and analytics providers to operate our business. We evaluate vendors for security posture and contractual protections. A list of subprocessors relevant to your engagement can be provided upon request.

6. Incident response

We maintain procedures to identify, contain, investigate, and remediate security incidents. If we become aware of a breach affecting personal data we control and are required to notify you or regulators, we will do so without undue delay in accordance with applicable law and contractual obligations.

7. Client responsibilities

Security is a shared responsibility. Clients are responsible for safeguarding their account credentials, configuring access to delivered systems appropriately, maintaining secure environments on their side, and promptly reporting suspected security issues related to our services.

8. Reporting security concerns

If you discover a vulnerability or suspect unauthorized access involving Incoss systems or a project we maintain, contact contact@incosstech.com with sufficient detail to reproduce or investigate the issue. Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to address them.