Privacy by design
Incentiv's Privacy Principles
Proactive
We actively prepare for upcoming laws and regulations.
Secure
We are committed to safeguarding customer data.
Trusted
We are transparent about our practices and focus on trust.
Continuous
We challenge ourselves to support our users’ evolving needs.
Compliance with global privacy laws and regulations
Committed to SOC 2, GDPR and CCPA
Your trust is our priority, and we've got every aspect covered to safeguard your information.
Aggregated & de-identified data
All benchmark data is anonymized and aggregated. This ensures no PII about your executives or your company is ever disclosed.
Comprehensive data residency
Incentiv securely hosts your data in AWS in alignment with GDPR and related regulations, enabling data residency requirements to be met.
Enterprise security that enables privacy
Secure authorization
We help users manage access, integrating with leading MFA and single sign-on tools.
Data encryption
Data is protected in-flight using 256-bit TLS encryption and at rest using AES-256 or higher.
Regular pen testing
We conduct bi-annual pen tests and work with the security community in a bounty program.
Compliant and secure
Frequently asked questions
Yes, we utilize industry-standard encryption methods to secure data both at rest and in transit, ensuring that your data remains confidential and protected at all times.
We've implemented multi-factor authentication (MFA) for users accessing our platform as well as within our infrastructure to protect your stored data from unauthorized access. This additional layer of security ensures that only authorized personnel can access sensitive data within the application.
We undergo periodic third-party security assessments and audits including annual SOC 2 Type 2 assessments. We are continuously audited to high industry standards, ensuring that our security practices are robust and compliant.
We maintain rigorous application security standards. Our systems are designed to monitor, detect, and respond to any suspicious activities in real time. Furthermore, we've set up advanced security measures such as network segmentation, real-time logging, and alerting to ensure the platform's resilience against threats.
In accordance with our privacy policy, data is retained throughout the duration of a client engagement. After the engagement concludes, all Personally Identifiable Information (PII) is anonymized to the strictest standards, and individual data records are assigned unique identifiers to ensure privacy.
Data sharing is limited to vetted third-party sub-processors who are critical for the functionality of the application (e.g. AWS). We ensure that all sharing is conducted with the explicit consent of the client, prioritizing transparency and trust.
We ensure that only you are able to see the data that you provide to Incentiv. Other customers will only see aggregated data that does not contain PII and will have no access to PII related to your employees. We achieve this through stringent data access controls, limitations on the minimum number of results displayed, and layered encryption, ensuring that data is both secure and compartmentalized based on user permissions.
Yes, Incentiv employs a Chief Information Security Officer (CISO) to lead its security and privacy program. The CISO is complemented by a team of in-house and external security experts. This multifaceted approach ensures that our platform's security is always ahead of the curve.
As a rule, we always keep our clients informed of any changes or updates to our policies in real time. We are committed to maintaining open communication and transparency with our users.