Intempt strongly believes that customers should be able to control their data and trust that information is protected when stored in its servers. To support this, Intempt holds itself to strict data security and privacy standards, including compliance with the General Data Protection Regulation (GDPR).
As controllers of personal data, Intempt and its customers must uphold certain rights stated by the GDPR, including:
Intempt will support individuals’ right to access and right to portability of their personal data through individual export requests. Any Intempt account holder will be able to request an export of their own personal data, as well as the personal data of their own end-users.
Our customers control what data is sent to Intempt, and may decide to halt the sending of personal data at any time.
Intempt collects information about how customers use the product and uses this data to identify product gaps and improve existing products. While this information is useful, Intempt recognizes the importance of an individual’s right to object.
As a data processor under the GDPR, we are responsible for the subcontractors we retain to help us provide our services. To support delivery of our services to customers, we engage certain vendors who help us process our customers’ data. Some of these vendors provide our data storage and infrastructure and are an integral part of the services we provide, while others provide important account management assistance. We know we have an important responsibility when it comes to scrutinizing these subcontractors, which is why our Vendor Risk Assessment program requires each subcontractor to undergo a rigorous review to ensure each has the required technical and organizational expertise and measures in place to deliver an appropriate level of security and privacy. We have developed an internal map of all customer data flow in connection with our subcontractor review to ensure GDPR compliance, which includes our requirements to assist with data subject access requests.
The GDPR requires controllers and processors of personal data to “implement appropriate technical and organisational” measures to ensure a level of security appropriate to the risk. Intempt uses Amazon Web Services (“AWS”) as its third-party cloud storage subcontractor and does not host customer data on its premises. AWS is a leading cloud provider that holds industry-best security certifications, such as SOC2 and ISO27001, and provides encryption in transit and at rest without any action required from our customers.
For Intempt employees, access rights and levels are based on job function and role, using the concepts of least-privilege and need-to-know to match access privileges to defined responsibilities. Additionally, all Intempt employees must abide by multiple policies about handling customer data securely and protecting customer data.
At least annually, we invite an independent, third-party auditor to perform penetration testing. Additionally, we run scans for software vulnerabilities and have an event management infrastructure, which provides 24x7x365 monitoring and alerting for incidents in our networks and systems.
Intempt customers can access product features and configurations to further protect personal data against unauthorized or unlawful processing. You can read more about our commitment to security here.
As processors of its customers’ data and to protect the privacy of information it stores, Intempt holds data no longer than is needed to provide its services. To further support this, Intempt has implemented the following data retention policy:
This policy includes organizations that were deleted through the Organization Settings -- deleting a project through the Organization Settings triggers a soft deletion. The data in the deleted or reset project will remain stored in Intempt for 60-90 days, after which it will be hard deleted and unrecoverable.
Intempt has a dedicated Data Protection Officer (DPO), along with a team of privacy and security professionals dedicated to our compliance and to helping you maintain your compliance when using Intempt. If you would like to reach our DPO or have follow-up questions, please reach out to us at firstname.lastname@example.org.