
Security principles

Integration Glue uses trusted subprocessors, follows strict security standards, ensures data privacy with stateless processing and encryption, and is working towards SOC2 compliance.

List of subprocessors:

  • Google LLC (Main cloud hosting provider and email provider)

  • HubSpot (CRM)

  • Microsoft (SharePoint, for the Microsoft-related microapps only)

  • Cloudflare (DNS, CDN, Internet Security)

  • Slack (Internal Messaging app)

  • Stripe (Payment processing)

  • Auth0 / Okta (Authentication on our platform)

Data Protection

  • All our processing is located in the Google Cloud region 'us-central1' by default. For Enterprise clients we can customise this and use any Google Cloud region (https://cloud.google.com/compute/docs/regions-zones).
    We plan on having Europe and Australia as possible default locations.

  • Most of our integrations are stateless (The DocuSign one is 100% stateless, for example). We do not store any data and all the processing is done in memory.

  • Data caching, if required for performance reasons, is limited to 10 minutes

  • Data storage, if any, follows Google Cloud security standards using AES encryption

  • We use serverless computing technology, which automatically shuts down after 10 minutes of inactivity, clearing any cached data.

  • If we hold any data at the end of the contract, we remove it automatically after 3 months. We can delete it earlier if requested

  • Clients keep ownership of any data that transits through our systems

  • We do not share your data or use it to train AI

Security standards in place at Integration Glue

  • Biennial external penetration testing

  • Biennial external review of permissions/access control for Google Cloud/Workspace

  • Static code analysis as part of the CI/CD process

  • Approval is required by multiple team members for every production release (part of the CI/CD process)

  • New developer security training and best practices during onboarding

  • Yearly team security training

  • Use of secure and maintained libraries

    • We use Python as our main programming language

    • Every library addition goes through an approval process

    • Libraries are updated as soon as possible in case of a critical CVE

    • Integrations go through a maintenance/upgrade process every 3 months.

  • Use of web security best practices

    • Following the OWASP recommendations

    • Use of security headers and HMAC verification over HTTPS

    • Use of JWT tokens for stateless authentication

  • We have a security incident response plan that we can share with you if required

  • We are aiming to become SOC2 compliant and are using this framework as a baseline for all our organisation guidelines

  • The email address for security incidents is security@integrationglue.com