Security and Privacy
Here's a quick overview of our policies. Please reach out to firstname.lastname@example.org to learn more.
Your data and connections are secured to best practice standards. All data is encrypted in transit and at rest. If you use a data connector, we encrypt all credentials and they are never used or logged in plaintext.
If you connect from a S3 bucket or a database source, we will not make a full extract of your data; data is only kept in memory, and samples may be cached temporarily to improve run speed. CSV / flat file uploads, as noted before, will be stored encrypted.
All changes to Einblick code are tracked in a ticket system, code is reviewed by designated code owner, unit tested by the developer, and the system is tested by an indpendent group before any new code reaches production.
We do static code scans, track vulnerabilities based on multiple sources, and require remediation based on risk analysis.
All access to any of Einblick's systems by Einblick employees is managed through a centrally managed approval process. Access requires approvals, and the access process is based on roles and responsibilities.
Key systems are all secured through single-sign on with multi-factor authentication. Access to service critical systems (production and development environments) are directly linked to the HR system and automatically disabled upon termination.
In case of a significant disruption to service or a data breach, our Incident Response Plan establishes how incidents get reported after anyone at Einblick becomes aware, and the roles and responsibilities of various response team members. Incident response is led by an incident manager and depends on the severity classification.
Our security approach is led and managed by engineering leadership, reviewed on a quarterly basis, and tested annually.