Privacy and Security

Privacy by design

Our infrastructure is designed to exceed industry standards to keep your data safe and compliant. Learn more in our Trust Report.

Incentiv's Privacy Principles


We actively prepare for upcoming laws and regulations.


We are committed to safeguarding customer data.


We are transparent about our practices and focus on trust.


We challenge ourselves to support our users’ evolving needs.

Compliance with global 
privacy laws and regulations

Committed to SOC 2, GDPR and CCPA

Your trust is our priority, and we've got every aspect covered to safeguard your information.

Aggregated & de-identified data

All benchmark data is anonymized and aggregated. This ensures no PII about your executives or your company is ever disclosed.

data residency

Incentiv securely hosts your data in AWS in alignment with GDPR and related regulations, enabling data residency requirements to be met.

Enterprise security that enables privacy

Secure authorization

We help users manage access, integrating with leading MFA and single sign-on tools.

Data encyrption

Data is protected in-flight using 256-bit TLS encryption and at rest using AES-256 or higher.

Regular pen testing

We conduct bi-annual pen tests and work with the security community in a bounty program.

Compliant and secure

We are deeply committed to maintaining the highest compliance and security standards so you can be confident about how your data is being stored and protected.

Frequently asked questions

Is my data encrypted?

Yes, we utilize industry-standard encryption methods to secure data both at rest and in transit, ensuring that your data remains confidential and protected at all times.

How is my data protected from unauthorized access?

We've implemented multi-factor authentication (MFA) for users accessing our platform as well as within our infrastructure to protect your data while it is stored from unauthorized access. This additional layer of security ensures that only authorized personnel can access sensitive data within the application.

Are regular security audits performed on the Incentiv platform?

We undergo periodic third-party security assessments and audits including annual SOC 2 Type 2 assessments. We are continuously audited to high industry standards, ensuring that our security practices are robust and compliant.

How does Incentiv detect and respond to security breaches?

We maintain rigorous application security standards. Our systems are designed to monitor, detect, and respond to any suspicious activities in real-time. Furthermore, we've set up advanced security measures such as network segmentation, real-time logging, and alerting to ensure the platform's resilience against threats.

How long is my data retained on the Incentiv platform, and can I request its deletion?

In accordance with our privacy policy, data is retained throughout the duration of a client engagement. After the engagement concludes, all Personally Identifiable Information (PII) is anonymized to the strictest standards, and individual data records are assigned unique identifiers to ensure privacy.

Is my data shared with third parties?

Data sharing is limited only to vetted third-party sub-processors who are critical for the functionality of the application (e.g. AWS). We ensure that all sharing is conducted with the explicit consent of the client, prioritizing transparency and trust.

How does the platform ensure that the data remains anonymous and can't be traced back to individual companies or executives?

We ensure that only you are able to see the data that you provide to Incentiv. Other customers will only see aggregated data that does not contain PII and will have no access to PII related to your employees. We achieve this through stringent data access controls, limitations on the minimum number of results displayed, and layered encryption, ensuring that data is both secure and compartmentalized based on user permissions.

Does Incentiv have a dedicated security team?

Yes, Incentiv employs a Chief Information Security Officer (CISO) to lead its security and privacy program. The CISO  is complemented by a team of in-house and external security experts. This multifaceted approach ensures that our platform's security is always ahead of the curve.

How can I be informed of any changes to the privacy and security policies of the Incentiv platform?

As a rule, we always keep our clients informed of any changes or updates to our policies in real-time. We are committed to maintaining open communication and transparency with our users.

Do you have more detailed documentation about your security and privacy practices?

Yes, you can read more about our security and privacy practices in our Security and Privacy white papers.

Comp is complicated

The first platform built for executive talent management
Get Started